Password days can be numbered. Google, Apple and Microsoft unite for a password-free digital world – Observer


Coming up with complex passwords that mix lowercase and uppercase letters to access the most diverse applications can be a complex task. About 23 million people around the world still use the password “123456” and many of them use other simple passwords such as “abc123”.

“Passwords bring a lot of problems. The most used passwords in Portugal and in the world are things like 123456, female and male proper names, ugly words, football club names. It is very easy to guess. There are a lot of problems with passwords. A disaster that has been known for decades. It didn’t have a great solution,” Miguel Correia, a professor at the Higher Technical Institute who specializes in computer engineering, told the Observer. However, World Password Day, which is celebrated on May 5, has revealed that we may be getting closer and closer to the end of passwords, which may become a thing of the past.

About 23 million Internet users have the (usual) password “123456”

With the increasing number of online applications and services, people have more and more accounts and therefore more passwords. Since it is difficult to remember and manage a large number of passwords, people end up reusing them across the most diverse services, which makes them less secure. Logging into apps without having to enter a password might be the solution, but is it even possible? Google, Apple and Microsoft are collaborating to make available, “over the next year”, “support for FIDO’s (Fast IDentity Online) passwordless authentication standards” on their systems. The tech giants want to use a single access key to access all the services available on the mobile phone.


“When you sign in to a website or an app on your phone, you’ll just need to unlock your phone – your account will no longer need a password,” Google announced in a statement. Thus, instead of asking for a password, a notification is sent to the mobile phone asking to verify the person’s identity. The same method used to unlock the phone – a fingerprint, PIN, or even facial recognition – is enough to access all the apps, without having to create accounts or enter passwords.

The passwordless sign-in process will allow individuals to choose their mobile phone as the primary authentication device for applications or websites. If you want to sign in from your computer, it is only necessary to have your mobile phone near you, because you will be asked to unlock it in order to access the application. From then on, the phone will not be asked for again and sign-in can be done simply by unlocking the computer. If at any point a person doesn’t want to use a cell phone, but rather a tablet or computer for authentication, they can send an unlock request to that device using Bluetooth, Wired reports.

With the new authentication method, the mobile phone stores the FIDO credential, an access key (passkey), which makes sign-in more secure and can only be accessed when the cell phone is unlocked. “The complete transformation to a password-free world will begin with consumers making it a natural part of their lives,” Microsoft Vice President Alex Simmons said in a statement, adding, “Working together as a community through our platforms, we can finally achieve this vision and make significant progress toward removing passwords. We see a bright future for FIDO-based credentials.”

“Even if you lose your phone, your passkeys will be securely synced to the new phone from your cloud backup, allowing the user to continue exactly where the old device left off.” So, if a person has to change cell phones, the access key “goes” with them.

“This milestone [of eliminating passwords] is a testament to the collaborative work done across the [technology] industry to increase protection and eliminate legacy password-based authentication,” Mark Reacher, Google Product Manager, said in the same release. “For Google, this represents nearly a decade of work that we have done alongside FIDO, as part of our continuous innovation towards a password-free future.”

An illustration showing what the login process without a password would look like

Passwordless sign-in overcomes the difficulty of coming up with different passwords for each app or service, and there is no need to remember login details to enter them. Password reuse has been the main driver of cyberattacks in recent years, according to cybersecurity firm SpyCloud’s annual report.

Cybersecurity specialist Pedro Veiga explains to the Observer that “many people use the same username and password on many sites.” Reusing passwords can put the security of people’s computers at risk. “Assuming you have a Wook account, you use your personal email address and have a certain password. This data may be used by other e-commerce sites. Use it at Wook, at Bertrand and you can use it on Amazon. If a hacker manages to steal your ID and password on a particular site, they can try to use that same data on other sites. If someone gets ‘punched,’ you may be able to log into your account from other sites,” he warns.

But the end of passwords means more than just the end of password reuse. By making login dependent on a physical device and a unique attribute of the user – such as a fingerprint or facial recognition – sign-in benefits not only from greater simplicity, but also from greater security.

The passwordless system is expected to make it difficult for hackers to compromise sign-in details remotely, because it requires access to a physical device, The Verge explains. Phishing attacks, where users are directed to a fake website to hand over a password, will be more complicated to organize. This is because the easiest way to steal passwords is when individuals use compromised services – where they need to enter a password – when browsing the Internet.

Pedro Veiga, former coordinator of the National Center for Cyber Security, gives a practical example. “Suppose you get a message from Novo Banco that says ‘We have detected a security issue with your account. Click this link and change your password.’ Assuming I was naive, I clicked on the link and was redirected to a site that looks like Novo Banco from an appearance point of view, but if I look at the address bar, I realize it’s not. I put in the username and password, and this fake website has stolen my data. Usually you get an error message saying ‘try again’ and when you log in again you are already on the real website, but you have already been ‘stalked’ or ‘hunted’.” These phishing cases fail when there is “no password problem” – or when passwords expire and other methods are used, such as those supported by Apple, Google, and Microsoft.
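As an added illustration (not from the original article or from any vendor's code), the sketch below shows two of the checks a website's server runs on a FIDO/WebAuthn login response that make the fake-site scenario above fail: the browser records the real origin of the page in the response, and the credential is scoped to a single site. The domain names, function names and sample data are constructed; verifying the signature with the stored public key is also required and is left out here.

```python
import base64, hashlib, hmac, json

RP_ID = "bank.example"                    # assumed relying-party ID of the real site
EXPECTED_ORIGIN = "https://bank.example"  # the only origin the server accepts

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    issued_challenge: bytes) -> str:
    """Return "ok", or the reason the login response is rejected."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong ceremony type"
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        return "challenge mismatch"        # replayed or stale response
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"           # response was produced on another site
    if len(authenticator_data) < 37:
        return "authenticator data too short"
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        return "credential scoped to a different site"
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        return "user presence flag not set"
    # A real server must now verify the signature over
    # authenticator_data + SHA-256(client_data_json) with the stored public key.
    return "ok"

def sample_response(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and authenticator would return."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    # rpIdHash (32 bytes) + flags (user present and verified) + signature counter
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (1).to_bytes(4, "big")
    return client, auth

CHALLENGE = b"constructed-server-nonce"

if __name__ == "__main__":
    genuine = sample_response("https://bank.example", "bank.example", CHALLENGE)
    lookalike = sample_response("https://bank-example.test", "bank.example", CHALLENGE)
    print("genuine site:  ", check_assertion(*genuine, CHALLENGE))
    print("lookalike site:", check_assertion(*lookalike, CHALLENGE))
```

Unlike a typed password, the response carries the address the browser actually visited, so a lookalike page cannot collect something that the real site will accept.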

Using facial or fingerprint recognition instead of passwords also has issues, since “no methods are 100% secure”. “There are stories told, for example, of a wife who wants to unlock her husband’s cell phone and who puts her husband’s finger on the fingerprint reader and is able to unlock the cell phone and access his messages.” Although weak like this, these methods are “much better than the famous username/password methods, which are very fragile from a cybersecurity perspective. These are more powerful systems. For now, they free the person from the trouble of saving passwords and then have the advantage of using something besides that username/password”, Pedro Veiga adds in comments to the Observer.

Miguel Correia, a computer engineering specialist, agrees that fingerprints or facial recognition also have problems because “they can’t change or sometimes change tangentially.”

“The person burns their finger and no longer has a fingerprint. Or the person looks worse because they are sick and the recognition has stopped working. However, they actually solve a lot of password issues,” he points out.

Some applications already include a FIDO authentication process, but the sign-in setup still requires the use of a password in order for this system to be configured. Sampath Srinivas, President of the FIDO Alliance, explained in a note sent to The Verge that the announcement by Google, Microsoft and Apple is an update to this feature that will eliminate the initial password requirement. In this way, the system will enable websites to implement, for the first time, a comprehensive password-free experience with anti-phishing security, either at first sign-in on a specific site or on subsequent accesses. The user will be able to create accounts without requiring a password on first use.

“When passkey support is available across the [technology] industry in 2023, we will finally have the platform that represents the Internet for a truly passwordless future,” asserts Sampath Srinivas, whose statements are confirmed by a statement from FIDO revealing that “the new system should reach the platforms of Apple, Google and Microsoft in the coming period”.

The project announced on May 5 by the three tech giants should be implemented early next year – although no exact date has been revealed – and is being developed in collaboration with the World Wide Web Consortium (W3C), which is responsible for promoting Internet standards, and FIDO Alliance, a consortium launched in 2013 with the goal of eliminating dependence on passwords.

When we create an account in an application, we are asked to use a password that is complex, but also unique to each online service. Many people still use common and simple passwords, which can put the security of their personal data at risk. Fear of cyberattacks and attempts to prevent accounts from being hacked have led an increasing number of users and companies to introduce two-factor authentication to sign in. Now Apple, Google, and Microsoft want to change the way you sign into apps by removing passwords. The system should be available on Android, Google Chrome, iOS, macOS, Safari, as well as on Windows and Edge.

Passwords certainly won’t go away overnight, but with this announcement, can their days be seriously numbered? “No,” Miguel Correia assured the Observer. “Convincing everyone to change is not easy. Problems will remain, but they may reduce. [The new method] may not solve the per-person or per-person password problem, but it can solve for companies with more serious security issues. Better than nothing.”
