Apple, Google, and Microsoft are joining the FIDO alliance to embed an authentication standard into their respective systems and devices that eliminates passwords. A small revolution will change our daily lives.
May 5, 2022 was World Password Day – yes, it does! The opportunity to remind all those who are content with qwerty – still at the top of the rankings year after year –, with azerty or even the famous 123456, that a complex password is always the best way to keep personal data safe. shelter. But if you use several devices or have many accounts with web services, defining a password that is easy to remember, different and secure for each use, represents a punishment.
Good news. The three tech giants, Apple, Google and Microsoft, have jointly announced their intention to put an end to this famous sesame. And not in the next decade! From 2023 if we are to believe their joint statement. Microsoft is already experimenting on its side with a solution to do without the password in order to access its services as we describe in our fact sheet. But there, the three firms agree to rely on the FIDO (Fast Identity Online) standard. Originally developed by Google and Yubico and now under the control of the FIDO Alliancethis standard created with the World Wide Web Consortium (W3C), has many advantages to simplify the daily lives of users while promising them better security.
FIDO: ultra-simple authentication
Imagine: you want to open an app or a website on your smartphone, access to which is subject to entering a password. So you start by unlocking the device with a PIN, fingerprint, pattern or facial recognition system and then enter the password required to access the desired app or website. With FIDO, you will first need to register your device in order to designate it as trusted. And that’s all ! The system is based on the duo of private and public encryption keys. The first remains permanently in your device while the second is transmitted and saved in the app or website visited. So the next time you visit, simply unlocking your smartphone will give you access to your account in the app or website without having to enter anything else. A real time saver, especially since FIDO is cross-platform.
By being integrated into iOS, Android, Windows, macOS and Chrome OS, the standard is intended to be completely transversal. ” With access keys on your mobile device, you can log in to an application or service on almost any device, regardless of the platform or browser the device uses.said Vasu Jakkal, Microsoft vice president for security, compliance, identity and privacy. For example, users can sign in on a Google Chrome browser in Windows, using a password on an Apple device “. It will therefore suffice, for example, to unlock the iPhone on which the FIDO identifier is registered by FaceID or fingerprint to access an online account from the PC. But what if you lose or make your mobile fly? The FIDO Alliance has planned it.”Even if you lose your phone, your passwords will securely sync to your new phone from cloud backup, letting you pick up where your old device left off “, says Google in its press release.
FIDO: a more secure authentication system
In addition to simplicity, FIDO also wants to be safer. “Expanded FIDO support announced today will allow websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security “, said Sampath Srinivas, director of product management for secure authentication at Google and president of the FIDO Alliance. Indeed, if there is no longer a password associated with an account, the usual Scam attempts based on the use of fraudulently obtained sesames (or similar passwords used for many different accounts) will be impossible and doomed to failure.Still to adopt the standard.None of the three giants de la tech has not yet indicated the precise date on which the management of authentication will be entrusted to FIDO.