To accelerate the emergence of a world without passwords, Apple, Google and Microsoft decide to act together. New features to improve the interoperability and usability of authentication devices are coming.
The future will undoubtedly be passwordless. In any case, it is in this direction that the big tech companies intend to go. This Thursday, May 5, three of the biggest groups in the sector — Google, Apple and Microsoft — announce their joint commitment to a radical change in the way you open a session on a site, a service or a device.
Clearly, the stated goal is to turn the page on these familiar codes that serve as access keys to one's accounts. Instead, verification will be done by another means, advertised as much more secure and resistant. The aim is to put an end to the drudgery of memorizing passwords, the risks of phishing, and codes that are too weak or too often reused.
Replace passwords with biometrics, or something else
For this, Google, Apple and Microsoft promise to embrace the FIDO (Fast IDentity Online) standard even more. Behind the acronym is an industry consortium whose goal is to mobilize biometrics (fingerprint, voiceprint, facial recognition, iris analysis, etc.) to authenticate individuals with a higher degree of certainty and security.
While biometrics is one of the areas of work of the FIDO alliance, there are also other approaches, such as near field communication (NFC), TPM (Trusted Platform Module) cryptographic chips, smart cards or USB security keys (U2F). Google, for example, offers one, but there are several players in this market.
“This approach protects against phishing and the connection will be radically more secure compared to passwords and existing multi-factor technologies, such as one-time passcodes sent by SMS,” it is argued. It relies on already common gestures, such as unlocking a smartphone with your finger or your face.
The FIDO standard is not new. We’ve been talking about it since the early 2010s and all the tech elite are involved: Amazon, Intel, Facebook, Lenovo, Mastercard, PayPal, Qualcomm, Thales, Samsung, Yahoo, Visa, ARM, eBay, Huawei, Netflix, Sony, Twitter and many more. There is also state support, from the USA to Germany, via Taiwan, Australia and South Korea.
Microsoft and Google had already been engaged in the FIDO project for some time. For example, both Android and Windows 10 won FIDO2 certification in 2019; moreover, Google was involved in the alliance from the start. Microsoft has also been involved for several years, having joined in 2015. Apple came a bit later, in 2020.
The use of biometrics to authenticate individuals at login is certainly not new. But Google, Microsoft, and Apple, as makers of three of the biggest consumer operating systems (Android, Windows, and iOS/macOS), and as heads of wildly popular products and services, are key to making the FIDO alliance a success.
Eliminate the friction of a passwordless experience
The three companies point out in this respect that they “already support FIDO to enable passwordless login on billions of devices, but previous implementations require users to log in to every site or app with every device before they can use the passwordless feature.”
The objective here is to further reduce friction to make this strong authentication solution even more user-friendly and interoperable. The plan, says the announcement, is to extend the implementations in the operating systems so that Internet users have access to two new capabilities for signing in without entering a password:
- Automatically access their FIDO credentials on many of their devices, even new ones, without having to re-register each account;
- Use FIDO authentication on a mobile device to log in to an app or site on a nearby device, regardless of the OS platform or browser they are using.
Certainly, the security of passwords has evolved in recent years with the establishment of increasingly strict rules (for example, passwords that are too weak, too short or too obvious may be rejected when registering for a service). Certainly, password managers and two-factor authentication help to increase the level of security.
This, the three partners willingly admit. But they point out that everything ultimately rests on the same foundation, the password. This foundation is now considered too weak to keep building on, even by adding two-factor authentication or by placing all our passwords in a digital safe.
In addition to an experience that the three companies promise will be more pleasant, it will be possible for platforms that comply with the recommendations of the FIDO alliance to provide “credentials without the need for passwords as an alternative method of login or account recovery”. Apple, Google and Microsoft promise the release of these new features in 2022.