Apple, Google and Microsoft are speeding up the burial of passwords


According to a report by cybersecurity specialist Verizon, in 80% of cases the hacking of an account comes from a password that is weak and easy to guess. There are good password managers that increase security by remembering complex passwords that are impossible to memorize. But soon we will be able to rely on the fruit of a rather unexpected alliance between Apple, Google and Microsoft to increase security.

The three high-tech giants have joined forces to integrate a secure, passwordless sign-in system, whether on mobiles, computers or via browsers. They want their products to support the passwordless sign-in standard of the Fido Alliance (Fast identity online) and the World Wide Web Consortium. A fingerprint, a face scan or a PIN code will be the new universal "open sesame" to unlock your device and find your data.

An alliance of convenience to strengthen security

The system is all the more convenient because if you switch smartphones, for example, you will not have to log in the first time with your username and password. The three companies integrated the components needed to support the Fido2 standard some time ago, but so far it has still been mandatory to log in to accounts at least once by entering credentials.

With the new system and its unique identifier activated by biometrics, for example, it becomes very difficult for hackers to steal a user account. According to the trio, this passwordless standard will be implemented within a year and will work interchangeably on macOS and its Safari browser, Android with Chrome, or Windows and Edge.

Outdated, passwords disappear

Behind the name WebAuthn hides a new standard that proposes to abandon passwords in favor of biometrics or secure USB keys.

Article by Fabrice Auclert, published on

The W3C (World Wide Web Consortium), the main organization that manages web standards, and the Fido Alliance (Fast identity online), an association of companies aimed at securing the network, have just announced the adoption of the Web Authentication specification, also known as WebAuthn, which makes it possible to do away with passwords on websites.

These two organizations have joined forces to solve a major security problem: passwords. Internet users have many accounts on different websites, each with its own password. Faced with the difficulty of creating so many different passwords and remembering them, they often leave the default codes in place, choose passwords that are easy to remember, such as "1234", or even use the same one everywhere. These passwords are then vulnerable to simple attacks, or can be recovered by infecting the victim's computer. If the person used the same codes for multiple accounts, they can all be compromised.

Early adoption

There are a few solutions to increase security, such as password managers or multi-factor authentication with, for example, an SMS verification code, but that is not enough in the long run. The new Fido2 protocol provides increased security while simplifying usage by removing passwords. Specifically, it is composed of two elements. The first is a means of authentication: a biometric system (such as a fingerprint reader or camera), but also a mobile device or a Fido USB security key. The second element is the WebAuthn API, which in particular allows browsers and websites to communicate securely in order to identify the user.

Major browsers had already anticipated the adoption of WebAuthn. Mozilla integrated the API into version 60 of its Firefox browser, released in May 2018. Google followed suit just a few days later with version 67 of Chrome, then Microsoft followed with its Edge browser and Apple with Safari. This new standard is supported on Windows 10 and Android.

A more convenient system and improved security

The standardization of WebAuthn, which makes the Fido2 system accessible to all websites, offers several benefits. Identifiers are unique to each website and no secret information is exchanged: neither passwords nor biometric data are sent. It is therefore not possible to obtain them through phishing, and even if an account is compromised, this gives no access to the victim's other accounts.

In addition, registration creates a unique identifier for the website. This enhances privacy, as it is then impossible to track a user from one site to another. Finally, the process is very simple to implement and quick to use. Websites must use the WebAuthn API, which is therefore standardized. Users do not have to enter their username and password; they just need to activate their identification system, for example by putting their finger on the fingerprint reader.
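The properties described above (one credential per website, nothing secret sent, nothing reusable for a phishing page) can be seen in a simplified model of the WebAuthn sign-in exchange. This is an added example, not code from the article or from any browser: the `Authenticator` class, `verifyAssertion` and the `bank.example` / `shop.example` origins are constructed for illustration, and the real protocol's CBOR encoding, attestation and signature counter are left out.

```javascript
const nodeCrypto = require('crypto');

// Model authenticator: one key pair per website (rpId); private keys never leave it.
class Authenticator {
  constructor() { this.creds = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const credentialId = nodeCrypto.randomBytes(16).toString('hex');
    this.creds.set(rpId, { credentialId, privateKey });
    return { credentialId, publicKey }; // only the public half is sent to the site
  }
  // `origin` is filled in by the browser, not by the page; the user gesture is assumed done.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname; // simplification: rpId equals the hostname
    const cred = this.creds.get(rpId);
    if (!cred) return null; // no credential is scoped to this site
    const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
    const rpIdHash = nodeCrypto.createHash('sha256').update(rpId).digest();
    const signed = Buffer.concat([rpIdHash, Buffer.from(clientData)]);
    return { credentialId: cred.credentialId, clientData, rpIdHash,
             signature: nodeCrypto.sign('sha256', signed, cred.privateKey) };
  }
}

// Server-side check: credential, challenge, origin, rpId hash and signature must all match.
function verifyAssertion(server, assertion, expectedChallenge) {
  if (!assertion || assertion.credentialId !== server.credentialId) return false;
  const data = JSON.parse(assertion.clientData);
  if (data.type !== 'webauthn.get' || data.challenge !== expectedChallenge) return false;
  if (data.origin !== server.origin) return false;
  const host = new URL(server.origin).hostname;
  const expectedHash = nodeCrypto.createHash('sha256').update(host).digest();
  if (!expectedHash.equals(assertion.rpIdHash)) return false;
  const signed = Buffer.concat([assertion.rpIdHash, Buffer.from(assertion.clientData)]);
  return nodeCrypto.verify('sha256', signed, server.publicKey, assertion.signature);
}

function demo() {
  const device = new Authenticator();
  const bank = { origin: 'https://bank.example', ...device.register('bank.example') };
  const shop = { origin: 'https://shop.example', ...device.register('shop.example') };
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  const genuine = verifyAssertion(bank, device.sign('https://bank.example', challenge), challenge);
  // A look-alike hostname has no credential, so there is nothing to hand over.
  const lookAlike = verifyAssertion(bank, device.sign('https://bank-login.example', challenge), challenge);
  // A valid assertion for the shop is useless at the bank.
  const crossSite = verifyAssertion(bank, device.sign('https://shop.example', challenge), challenge);
  const stale = verifyAssertion(bank, device.sign('https://bank.example', challenge), 'fresh-challenge');
  return { genuine, lookAlike, crossSite, stale, distinctIds: bank.credentialId !== shop.credentialId };
}
```

Calling `demo()` shows that only the assertion produced on the genuine origin for the current challenge is accepted, and that the two sites see unrelated credential identifiers.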
