FIDO, the future standard without a password (on which Apple, Google and Microsoft are betting)

by Michela Rovelli

The three tech giants renew their support and commitment to the alliance as it tries to imagine a new standard capable of overcoming passwords, the number of which is constantly growing and the risks of which are increasing.

At least eight characters, a special character, numbers and uppercase letters. Creating a good password, and every account needs a new one, is almost a conundrum. The rules are multiplying. Above all, we have many passwords: NordPass, one of the most widely used programs for managing them, calculates that each of us uses an average of 100 passwords. And the number keeps growing in an increasingly digital world. Then there is the security problem: according to Avast, an antivirus company, over 90% of merchants are vulnerable to attacks. It is inevitable that someone wonders whether there is a way to do without passwords. Starting with the person who invented them. In the early sixties, when the computer world was just beginning, Fernando Jose Corbato of the Massachusetts Institute of Technology in Boston created the first computer system with a password to access files. Years later, by then 87, he admitted his idea had become “a kind of nightmare”. A nightmare whose end, according to Bill Gates, will come soon. In 2004, the founder of Microsoft predicted that passwords were dying out. The reason? “They don’t face the challenge of securing critical information.”

Alliance

And Bill Gates isn’t the only one who thinks the days of passwords are, and should be, numbered. There is an alliance, FIDO, which has been working since 2012 to change the “nature of authentication”. Its members include the biggest tech giants, which together are trying to organize a happy funeral for passwords. Apple, Google and Microsoft in particular are making a big bet on this new standard, which should ensure greater security on the Internet while freeing us from the “slavery” of passwords. Security, yes, because the authentication system most used today does not really allow us to protect our accounts. The World Economic Forum calculates that 80% of enterprise data breaches are caused by weak passwords. For managing and monitoring them, each company spends an average of $1 million per year.

How the FIDO system works

So the FIDO Alliance is working on an alternative, in collaboration with the World Wide Web Consortium. Also called a “master key”, it works like this: when signing up for an online service, the device (a smartphone, say) creates a new key pair. The private key is stored on the device itself, while the public key is saved by the app or website. When the user wants to log in later, the device must “prove” that it holds its key for that service. The private key is unlocked by entering a PIN, by facial recognition or by any other method we use to unlock our phone, PC or tablet. A bit like a password manager, there is only one password (in this case, smartphone authentication) to remember.
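The registration and login exchange described above, as an added example that is not part of the original article or of the FIDO specifications: a simplified Node.js model showing why a signed, single-use challenge bound to the site's origin resists replay and look-alike sites. The `Device` and `Service` classes, the JSON `clientData` layout and the `shop.example` names are assumptions made for illustration; the real WebAuthn message format is not reproduced.

```javascript
// Simplified model of the FIDO flow (assumed names; not the real WebAuthn wire format).
const crypto = require("node:crypto");

class Device {
  constructor() { this.keys = new Map(); }           // origin -> private key, never leaves the device
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey;                                // only the public half goes to the service
  }
  // Called after the user has unlocked the device (PIN, fingerprint, face).
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;                           // no credential exists for this origin
    const clientData = JSON.stringify({ origin, challenge: challenge.toString("base64url") });
    return { clientData, signature: crypto.sign("sha256", Buffer.from(clientData), key) };
  }
}

class Service {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);                // fresh random value for every login attempt
    this.pending.set(user, c.toString("base64url"));
    return c;
  }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                       // challenges are single use
    const publicKey = this.users.get(user);
    if (!assertion || !expected || !publicKey) return false;
    const data = JSON.parse(assertion.clientData);
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify("sha256", Buffer.from(assertion.clientData), publicKey, assertion.signature);
  }
}

function demo() {
  const phone = new Device();
  const site = new Service("https://shop.example");  // constructed sample origin
  site.enroll("alice", phone.register(site.origin));
  const good = phone.sign(site.origin, site.newChallenge("alice"));
  const login = site.verify("alice", good);
  const replay = site.verify("alice", good);         // same assertion, challenge already consumed
  const lookalike = phone.sign("https://shop-example.test", site.newChallenge("alice"));
  return { login, replay, phished: site.verify("alice", lookalike) };
}
```

The service never holds a secret that could be stolen and reused: it stores only the public key, and a captured assertion is useless once its challenge has been consumed.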

Collaboration between Apple, Google and Microsoft

The goal is to make this protocol a reality in the coming years. It’s not easy, but the conditions are there. In particular, there is cooperation between the three operating system vendors: Apple (iOS and macOS), Google (Android) and Microsoft (Windows). To be effective, the standard must be cross-platform and compatible with any device at hand. Until now, however, the system required users to access every website or app with every device before they could use the passwordless feature (the device, after all, retains the private key). The news announced on the occasion of Password Day is all here: allowing users to use their passkey even on new smartphones or computers, without having to authenticate again, regardless of the operating system or browser used. As the white paper explains: “If a user sets up a number of FIDO credentials for different relying parties on their phone and then gets a new phone, that user should be able to expect all of their FIDO credentials to be available on the new phone. This means that users no longer need passwords: when they move from one device to another, their FIDO credentials are already there and ready to be used for anti-phishing authentication.” It was emphasized that this is not a change of standard, but simply a need for cooperation between vendors.

Biometrics and two-factor authentication

To overcome the problem of too many and too weak passwords, so far there are two ways. The first is two-factor authentication. Certainly more secure, it is a system that consists of entering a password and then confirming it with other specially generated information: OTPs (one-time passwords, which are sent to us by e-mail or SMS and are valid for a few minutes) or a notification on a pre-authenticated device. A possible alternative, already widespread in some of its forms, is biometrics, the technology that transforms a unique feature of the body into an authentication system. We already use it to lock our smartphones, with fingerprint or facial recognition. There are other systems, such as voice recognition, which analyzes the sound waves of our voice and its tone; iris recognition, through infrared light; and behavioral biometrics, which studies user behavior patterns. So far, biometrics still can’t completely do away with a backup code, in case authentication fails, but there are those who bet this will be the way out of password slavery. After all, in this case it is our body that provides us with the material to secure our accounts. This is a strength but also a weakness: if our traits are cloned, how can we “change the password” when the password is part of us? The doubts add up: in addition to the problem of theft of biometric components, which essentially amounts to stealing part of our identity, there is the problem of data storage. We must ensure that this information is stored on secure servers and is not used for secondary purposes such as surveillance. And while in some cases, such as the big tech giants, we can be pretty sure that our data is safely held, we certainly can’t rely on biometrics for every online authentication. But biometrics should be a great ally of this passwordless system created by the FIDO Alliance.

May 7, 2022 (modified May 7, 2022 | 11:47 AM)
