People in general have weak passwords for their online profiles. But some of us have such bad passwords that instead of relying on people to change their habits and create stronger passwords, the three biggest players in tech — Apple, Google, and Microsoft — have decided to do away with password use altogether. They’re introducing a whole new system for users to log into their accounts.
In a concerted effort to reduce the number of data breaches and hacking attacks on their user accounts, Apple, Microsoft and Google jointly announced Thursday that they have committed significant resources to building a new system for passwordless sign-in. This will be implemented across all mobile, desktop and browser platforms they control in the years to come.
“As we design our products to be intuitive and powerful, we also design them to be private and secure,” said Kurt Knight, Apple’s senior director of platform product marketing. “Working with the industry to develop new, more secure login methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to create products that offer maximum security and a transparent user experience – all with the goal of keeping users’ personal information safe,” Knight added.
The idea is to use a physical device, typically a smartphone, as the primary authenticator for apps, websites, and other digital services. Unlocking this smartphone with a PIN, pattern or fingerprint should be enough to log into any web service. These authenticators use a cryptographic token or passkey that is shared between the phone and the website.
This way, users benefit from a very simple and secure login system and don’t have to remember complicated passwords, which is why people have bad passwords like “123456” or “password” in the first place, and then reuse these passwords across various other profiles.
Additionally, the simplest way for “phishing” or password theft to take place is when people use compromised networks and websites while surfing the Internet and are required to enter a password that attackers then intercept.
A passwordless system using such a passkey makes it much harder for hackers to compromise credentials remotely, as the login requires access to a physical device.
The most common passkey standard used in the technology space is called FIDO Passkey and is being developed by the FIDO Alliance. It works as follows: a user’s phone stores a unique FIDO-compatible passkey and only shares it with a website for authentication when the phone is unlocked. According to Google’s post, passkeys can also be easily synced to a new device from cloud backup in case a phone is lost.