Last May, Futura explained that MicrosoftMicrosoftand Google and appleapple Agree to put a limit on the password (see article below) and replace it with a universal solution, such as a PIN, or sensorssensors fingerprints available on devicesdigital printingdigital printingfacial recognition, etc.). Apple will be the first to extract by integrating this ability with publishingiOSiOS 16 today, then in a month with macOS Ventura. At Apple, the process that will be performed is called Passkey. This new sesame can easily connect you to it appsappsand web services and even create new accounts, without having to create The password complex and memorized. In other words, it is the beginning of the end of passwords, and at the end, it may also be the beginning of the end of basic passwords.
the famous Sesame It is replaced by a pair of keys from encryptionencryption that will be synced with iCloud Keychain. If you already have an account with credentials for a service or app, you will first need to sign in with those credentials. Only then can you use the passkey to replace it. On the other hand, if you create a new user account, you can create this passkey directly.
No more history for ridiculously simple passwords like the famous 12345678, but the principle will remain the same. The passkey is located on a file protocolprotocol video Which was developed by the alliance resulting from the agreement between the tech giants, in particular Apple, Microsoft and Google. So it will not be limited to the Apple brand and will also work with other services, such as Meta or AmazonAmazon, for example. In order for Futura to test iOS 16 and this specific functionality, Apple shows that a message is displayed and asks if you want to save a password. From then on, the device will prompt you to use Face IDor Touch ID or any other methodAuthenticationAuthentication To generate the passkey.
Apple, Google and Microsoft are speeding up the process of burying passwords
A year from now, it will be the beginning of the end for famous sims that are hard to remember when they are complex and easy to hack when you can memorize them. The three computer giants have agreed to integrate the Fido2 password identification standard.
Article by Sylvain Beguet, published in
According to a report by cybersecurity specialist Verizon, in 80% of cases, account hacking comes from The password Low and easy to find. There are good Password managers which enhance security by memorizing complex passwords, but which are impossible to remember. But, soon, we will be able to count on the fruitsalliance Completely unexpected between Apple, Google and Microsoft to enhance security.
The Three giants High-tech powers to integrate secure and passwordless identification whether on mobile phones, computers or Across they BrowsersBrowsers. They will make their products support the Fido Alliance passwordless login standard (Quick Identity Online) And the World Wide Web Consortium. digital printingor scan the face or password New global sesame will be to unlock your device and find your data.
Convenience Alliance to Strengthen Security
The system will be more practical, if you change smart phoneFor example, you won’t need to log in the first time with your username and password. It’s been a long time since the three companies combined the components to support the Fido2 standard, but for now, it’s still mandatory to log into accounts at least once by entering credentials.
With the new system and identifier Edited by BiometricsBiometricsFor example, it would now be very difficult for hackers to take over a user’s account. According to the trio, this passwordless standard will be implemented within a year and will work carelessly on macOS and its Safari browser, Android with chrome where windows and edge.
Outdated passwords will disappear
Behind the name, WebAuthn hides a new standard that proposes abandoning passwords in favor of biometrics or keys USBUSB Believer.
Article by Fabrice Auclert, published in
The W3CW3C (Worldwide Network Consortium), the main organization that manages web standards, and the Fido Alliance (Quick Identity Online), a group of companies aiming to secure the web, has just been announced Adopt web authentication specificationalso known as WebAuthn, which will allow you to get rid of passwords on websites.
These two organizations have teamed up to solve a major security problem: passwords. Internet users use many accounts to access different websites, each with its own password. Faced with the difficulty of creating and remembering many different passwords, it often happens that they leave the default passwords or choose easy-to-remember passwords, such as “1234”, or even that they use the same words everywhere. Therefore, they are vulnerable to simple attacks, or can be recovered by infecting the victim’s computer. If the person uses the same symbolssymbols For multiple accounts, they may all be hacked.
There are a few solutions to increase security, such as password managers or multi-factor authentication using, for example, a confirmation code by short messageshort messageBut this is not enough in the long run. The new Fido2 protocol provides improved security, while simplifying use by eliminating passwords. Concretely, it consists of two components. First of all, authentication, thanks Biometrics system (such as a fingerprint reader or camera), but also a mobile device or a USB security key from Fido. The second element isAPIsAPIs WebAuthn which in particular allows browsers and websites to interchange in a secure way to identify themselves.
Major browsers had already expected WebAuthn to be adopted. Mozilla The API was integrated into Firefox version 60, released in May 2018. Google followed suit just a few days later with version 67 of the Firefox browser. chromeMicrosoft followed with its Edge browser, and Apple with its Safari. This new standard is based on Windows 10Windows 10 and Android.
Improved more convenient and secure system
Standardizing WebAuthn, making the Fido2 system available to all websites, brings many advantages. Identifiers are unique to each website, and no confidential information is exchanged. It does not send passwords or biometric data. So it can not be obtained by phishingEven if one of the accounts is hacked, it will not grant any access to the other victim’s accounts.
In addition, registration creates a unique identifier for the site. This improves privacy, as it is then impossible to follow the user from one site to another. Finally, the process is easy to implement and quick to use. Sites must use the WebAuthn API, which is therefore standardized. Users do not have to enter their username and password, they just need to activate their identification system, such as putting their finger on Fingerprint Reader.
“Evil thinker. Music scholar. Hipster-friendly communicator. Bacon geek. Amateur internet enthusiast. Introvert.”