Google, Apple, and Microsoft are working together to deploy passwordless sign-in | #microsoft | #hacking | #cybersecurity


Jimmy Westenberg / Android Authority

TL;DR

  • Google, Apple, and Microsoft are adopting the FIDO passwordless sign-in standard.
  • All three companies are committed to cross-platform implementation.
  • The new method should provide greater security over traditional passwords.

As part of World Password Day, Google, Apple, and Microsoft have announced a joint effort to adopt passwordless sign-in on their various platforms, bringing the technology mainstream.

Passwordless sign-in has been in the works for some time, promising improved security and convenience. While there have been efforts to speed up the technology’s use, joint adoption by Google, Apple, and Microsoft represents the single biggest step forward. What’s more, all three companies have committed to making sure their implementations are compatible with one another.

The FIDO Alliance is the organization behind the push toward passwordless sign-in. The organization helped develop the standard for the technology, with it being adopted by the World Wide Web Consortium (W3C).

While passwords have been the default security method since the early days of computing, passwords are vulnerable to theft and compromise. In many cases, all a hacker has to do is compromise a user’s password to gain access to the corresponding service. Since many individuals reuse passwords across services, even a single compromised password can open the door to multiple attacks. If a hacker gains access to the password a user employs for a password management app or service, the results can be disastrous.

See also: Best password manager apps for Android

In contrast, passwordless sign-on essentially uses a person’s phone as a hardware key. The phone will store a FIDO passkey, which is also backed up online. To sign in to a computer or website, the user will be prompted to unlock their phone. The process of unlocking the phone authorizes them to use the computer or website in question.

As an added benefit, even if a person loses their phone, they can easily pick up where they left off with a new one, thanks to their passkey being backed up online. At the same time, because the passkey uses modern cryptographic standards, the security of the transactions is maintained throughout the process.

Google FIDO Implementation

Because Google, Apple, and Microsoft are all working together to adopt the FIDO standard, users will be able to cross-authenticate their devices and services, regardless of their platform of choice.

“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, Senior Director of Product Management, Google. “For Google, it represents nearly a decade of work we’ve done alongside FIDO as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, Chrome OS, Android, and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”



Original Source link

Leave a Reply

Your email address will not be published.

40 − thirty one =