Apple, Google and Microsoft are speeding up the burial of passwords

Banque en ligne, réseaux sociaux, sites marchands… À chaque site, son mot de passe, et comme on utilise souvent le même, il peut être plus facilement piraté. © Song_about_summer, Adobe Stock


You will also be interested

[EN VIDÉO] Kézako: how is data encrypted on the Internet?
Cryptography is the oldest form of encryption. There are traces of its use up to 2,000 BC. This technique that is still used today, especially on the Web, reveals its mysteries in video thanks to the Kézako program by Unisciel and the University of Lille 1.

According to a report by Verizon cybersecurity expert, in 80% of cases, account breach comes from Password low and easy to find. There are good password managers enhance security by memorizing complex but weak passwords. But, soon, we will be able to rely on its fruitan alliance quite unexpected in between appleGoogle and Microsoft to enhance security.

The three giants of high technology joined forces to integrate together a safe and without Password either on mobile, Computers Where via The browsers. They will make their products support the Fido Alliance password-free login template (Fast Identity Online) and World Wide Web Consortium. Digital printingface scan or PIN code will be the new universal sesame to unlock your device and find your data.

A convenience alliance to enhance security

The system will be even more practical if you change smart phone, for example, you will not need to log in the first time using your password and username. It’s been a while since the three companies incorporated the data to support the Fido2 standard, but for now, it is still mandatory to log in to the accounts at least once by entering credentials.

With the new system and identifier unique enabled by biometrically, for example, it will now be very difficult for hackers to steal a user account. According to the Trinity, the application of this template without a password will be implemented within a year and will work indiscriminately in macOS and its browser in Safari, Android with Chrome or Windows and edge.

They are obsolete, the passwords will disappear

Behind the WebAuthn name lies a new template that suggests giving up passwords in favor of biometrics or keys USB secured.

Article by Fabrice Auclert, published in

The W3C (Word Wide Web Consortium), the main web standards management body and the Fido Alliance (Fast Identity Online), an association of companies aiming at internet security, has just announced adoption of the web authentication specificationalso known as WebAuthn, which will allow you to get rid of site passwords.

These two organizations worked together to solve a major security problem: passwords. Internet users use multiple accounts to access different sites, each with its own password. Faced with the difficulty of creating and storing so many different passwords, it often happens that they leave the default ones or choose passwords that are easy to remember, such as “1234”, or even use them everywhere. Then they are vulnerable to simple attacks, or can be recovered by infecting the victim’s computer. If the person used the same codes for many accounts, all may have been breached.

early adoption

There are some solutions to increase security, such as password management or multi-factor authentication, for example, with an SMS confirmation code, but this is not enough in the long run. Young protocol Fido2 provides improved security while simplifying usage by eliminating passwords. Specifically, it consists of two elements. First of all, an authentication, thanks to a biometric system (such as a fingerprint reader or camera), but also a portable device or USB Fido security key. The second element isAPI WebAuthn which allows, in particular, browsers and websites to exchange securely in order to be identified.

The major browsers had already predicted the adoption of WebAuthn. Mozilla integrated the API into version 60 of the Firefox browser, which was released in May 2018. Google followed just days later with version 67 of Chromium, followed by Microsoft with the Edge browser and Apple with Safari. This new template is supported on Windows 10 and Android.

A more convenient system and improved security

WebAuthn standardization, which therefore makes the Fido2 system available on all sites, has several advantages. The IDs are unique to each site and no confidential information is exchanged. It does not send passwords or biometric data. Therefore, they can not be obtained from Phishingand even if one account is compromised, it would not provide access to the victim’s other accounts.

Additionally, the registration creates a unique identifier for the site. This improves privacy, as it’s impossible to track a user from one site to another. Finally, the process is very simple to apply and fast to use. Websites must use the WebAuthn API, which is therefore standard. Users do not need to enter their username and password, they just need to activate their ID, as if to put their finger the fingerprint reader.

Are you interested in what you just read?



Source link

Leave a Comment

Your email address will not be published.