With the Passkey, Apple is already burying the password

Last May, Futura explained that Microsoft, Google and Apple had agreed to end the password and replace it with a universal solution, such as a PIN, or sensors biometric present on the devices (digital print, facial recognition, etc.). Apple will be the first to draw by integrating this capacity with the deployment ofiOS 16 today, then within a month with macOS Ventura. At Apple, the process that will be implemented is called Passkey. This new sesame can easily connect you to appsweb services and even create new accounts, without having to generate password complex and memorize it. In other words, it is the beginning of the end of passwords and, ultimately, may also be that of essential password managers.

The famous sesame is replaced with a pair of unique encryption keys that will be synced to iCloud Keychain. If you already have an account with credentials for a service or application, you will first need to log in with these credentials. Only then can you use the Passkey to replace it. On the other hand, if you create a new user account, you can generate this Passkey directly.

Reinforcing biometrics

No more ridiculously simple password stories like the famous 12345678, but the principle will remain the same. The Passkey is based on the protocol FIDO which was developed by the alliance resulting from the agreement between the tech giants, and in particular Apple, Microsoft and Google. It will therefore not be specific to the apple brand and will also work for other services, such as Meta, or Amazon, for example. Until Futura can test iOS 16 and this specific function, Apple’s demonstrations show that a message is displayed and asks if you want to save a password. From then on, the device prompts you to use Face IDTouch ID or another method ofauthentication to generate the Passkey.

Apple, Google and Microsoft are speeding up the burial of passwords

A year from now, it will be the beginning of the end for the famous sesames that are difficult to remember when they are complex and so easy to hack when you can memorize them. The three computer giants have agreed to integrate the Fido2 passwordless identification standard.

Article by Sylvain Biget, published the 2022-05-08amended on 01/08/2022

According to a report by cybersecurity specialist Verizon, in 80% of cases, the hacking of an account comes from a password low and easy to find. There are good password managers which reinforce security by memorizing complex, but impossible to remember passwords. But, soon, we will be able to rely on the fruit ofan alliance quite unexpected between Apple, Google and Microsoft to strengthen security.

The three giants of high-tech have joined forces to integrate together a secure and passwordless identification whether on mobiles, computers Where via them browsers. They will make their products support the Fido Alliance passwordless login standard (Fast IDentity Online) and World Wide Web Consortium. Digital printface scan, or pin code will be the new universal sesame to unlock your device and find your data.

An alliance of convenience to strengthen security

The system will be all the more practical, if you change smart phone, for example, you will not need to log in the first time using your password and username. It’s been a while since the three companies integrated the components to support the Fido2 standard but, for now, it’s still mandatory to log in to accounts at least once by entering credentials.

With the new system and its identifier unique activated by the biometrics, for example, it will now be very difficult for hackers to take over a user’s account. According to the trio, the implementation of this passwordless standard will be implemented within a year and will work indifferently on macOS and its Safari browser, Android with Chromium Where Windows and edge.

Outdated, passwords will disappear

Behind the name WebAuthn hides a new standard that proposes to abandon passwords in favor of biometrics or keys USB secured.

Article by Fabrice Auclert, published on 06/03/2019

The W3C (Word Wide Web Consortium), the main organization that manages web standards, and the Fido Alliance (Fast IDentity Online), an association of companies that aims to secure the web, have just announced adoption of the Web Authentication specificationalso known as WebAuthn, which will allow you to get rid of passwords on websites.

These two organizations have teamed up to solve a major security problem: the passwords. Internet users use many accounts to access different websites, each with its own password. Faced with the difficulty of creating so many different passwords and remembering them, it often happens that they leave the default ones or opt for passwords that are easy to remember, such as “1234”, or even that they use the same everywhere. They are then vulnerable to simple attacks, or can be recovered by infecting the victim’s computer. If the person used the same codes for multiple accounts, they may all be compromised.

early adoption

There are a few solutions to increase security, such as password managers or multi-factor authentication with, for example, a confirmation code by SMS, but this is not enough in the long run. The new Fido2 protocol provides enhanced security, while simplifying use by eliminating passwords. Concretely, it is composed of two elements. First of all, an authentication, thanks to a biometric system (such as a fingerprint reader or a camera), but also a mobile device or a Fido security USB key. The second element is theAPIs WebAuthn which allows, in particular, browsers and websites to exchange in a secure way in order to identify themselves.

Major browsers had already anticipated the adoption of WebAuthn. Mozilla integrated the API into version 60 of its Firefox browser, released in May 2018. Google followed suit just a few days later with version 67 of Chromium, then Microsoft followed with its Edge browser, and Apple with Safari. This new standard is supported on Windows 10 and android.

A more convenient system and enhanced security

The standardization of WebAuthn, which therefore makes the Fido2 system available to all websites, brings several advantages. Identifiers are unique for each website, and no secret information is exchanged. It does not send passwords or biometric data. It is therefore not possible to obtain them by Phishingand even in the event that one account is compromised, it would not give any access to the victim’s other accounts.

In addition, registration creates a unique identifier for the website. This improves privacy, since it is then impossible to follow a user from one site to another. Finally, the process is very simple to implement and quick to use. Sites must use the WebAuthn API, which is therefore standardized. Users do not have to enter their username and password, they just need to activate their identification system, such as putting their finger on the fingerprint reader.