Google, Apple, Microsoft alliance with Passwordless authentication

Share this:

Google, Apple and Microsoft have announced that they will expand support for common Passwordless authentication. Authentication that does not require a password altogether may be realized in the future.

Apple, Google, and Microsoft announced on May 5th, World Password Day, that they will expand support for common Passwordless authentication. What exactly do you mean?

What is passwordless authentication?

Currently, we use passwords to authenticate users. However, the security of passwords is not sufficient, and the current situation is that security breaches such as account hijacking, data leakage, and personal information theft due to password theft are occurring frequently.

What is passwordless authentication?
What is passwordless authentication? (Source: FIDO Alliance press release)

Therefore, passwordless authentication, which authenticates user IDs without using a password, is attracting attention. Nowadays, it is becoming mainstream to log in to cloud services and web services using biometric authentication (fingerprint and face recognition) and PIN, for example.

The FIDO Alliance, a non-profit standardization body, was established with the aim of standardizing new online authentication technologies that utilize biometrics.

Google, Apple, Microsoft alliance with passwordless authentication

Apple, Google, and Microsoft expand support for common passwordless authentication created by the FIDO Alliance and the World Wide Web Consortium, a standards body established to promote the standardization of various technologies used on the World Wide Web. Announced the plan.

“By working as a community across platforms, we’ve made great strides towards password elimination,” said Alex Simmons of Microsoft.

How to authenticate without password?

These platforms already supported the FIDO Alliance technical standards and were working on passwordless authentication. However, in the past, users had to sign in to each website or app on a device-by-device basis before passwordless authentication.

See also  Kohli's Issues With Bat, Former India Coach Ravi Shastri Explains

According to this announcement, the authentication function installed in the user’s mobile terminal will be used for more seamless and secure passwordless authentication. Simply put, the authentication used to unlock the smartphone is shared with the web service and can be used for authentication.

How to authenticate without password?
Web service login is possible using the device authentication function (Source: FIDO Alliance press release)

Specifically, when a user logs in to a web service, etc., the web service is authenticated by using the authentication function (PIN, fingerprint authentication, etc.) installed in his / her smartphone. This is done by using one encryption token between the smartphone and the web service.

Mobile devices such as smartphones and tablets can store FIDO-compliant passkeys and can only be shared with web services for authentication when the device is unlocked. By requiring a physical device for authentication, it is possible to provide users with safer and easier authentication than conventional authentication methods.

If you lose your smartphone, your authentication will not be abused unless it is unlocked, and the data needed for authentication will be backed up to the cloud so you can sync to your new smartphone.

A society with advanced passwordless

The new features are expected to be available on each of the three companies’ platforms by 2023, but it is not clear how they will be introduced. What will happen if passwordlessness progresses?

Currently, we often use other companies’ devices and services, such as accessing the cloud services provided by Apple from the Google Chrome browser on a computer running Microsoft’s Windows. When accessing each, the password is not centralized and you need to enter it each time.

See also  Rotaeno: Official release of tangible rhythm action

Through the collaboration of the three companies in the future, it is thought that all that is required at the timing when it was necessary to enter a password is to unlock your smartphone by fingerprint authentication etc. near your computer.

There are concerns and troubles such as being asked to create a password every time you use a new Web service, forgetting the password and taking extra time to change the password, and sloppy password management that compromises security. It may disappear in the future

Read also: Best words to start wordle – Tips and Tricks 2022

Share this:

Leave a Comment