According to a report by Verizon cybersecurity expert, in 80% of cases, account breach comes fromlow and easy to find. There are good enhance security by memorizing complex but weak passwords. But, soon, we will be able to rely on its fruit quite unexpected in between Google and to enhance security.
Theof high technology joined forces to integrate together a safe and without either on mobile, Where via The . They will make their products support the Fido Alliance password-free login template (Fast Identity Online) and World Wide Web Consortium. face scan or will be the new universal sesame to unlock your device and find your data.
A convenience alliance to enhance security
The system will be even more practical if you change, for example, you will not need to log in the first time using your password and username. It’s been a while since the three companies incorporated the data to support the Fido2 standard, but for now, it is still mandatory to log in to the accounts at least once by entering credentials.
With the new system andunique enabled by , for example, it will now be very difficult for hackers to steal a user account. According to the Trinity, the application of this template without a password will be implemented within a year and will work indiscriminately in macOS and its browser in Safari, Android with Chrome or Windows and .
They are obsolete, the passwords will disappear
Behind the WebAuthn name lies a new template that suggests giving up passwords in favor of biometrics or keyssecured.
Article by Fabrice Auclert, published in
The W3C (Word Wide Web Consortium), the main web standards management body and the Fido Alliance (Fast Identity Online), an association of companies aiming at internet security, has just announcedalso known as WebAuthn, which will allow you to get rid of site passwords.
These two organizations worked together to solve a major security problem:. Internet users use multiple accounts to access different sites, each with its own password. Faced with the difficulty of creating and storing so many different passwords, it often happens that they leave the default ones or choose passwords that are easy to remember, such as “1234”, or even use them everywhere. Then they are vulnerable to , or can be recovered by infecting the victim’s computer. If the person used the same for many accounts, all may have been breached.
There are some solutions to increase security, such as password management or multi-factor authentication, for example, with an SMS confirmation code, but this is not enough in the long run. YoungFido2 provides improved security while simplifying usage by eliminating passwords. Specifically, it consists of two elements. First of all, an authentication, thanks to (such as a fingerprint reader or camera), but also a portable device or USB Fido security key. The second element is WebAuthn which allows, in particular, browsers and websites to exchange securely in order to be identified.
The major browsers had already predicted the adoption of WebAuthn.integrated the API into version 60 of the Firefox browser, which was released in May 2018. Google followed just days later with version 67 of , followed by Microsoft with the Edge browser and Apple with Safari. This new template is supported on and Android.
A more convenient system and improved security
WebAuthn standardization, which therefore makes the Fido2 system available on all sites, has several advantages. The IDs are unique to each site and no confidential information is exchanged. It does not send passwords or biometric data. Therefore, they can not be obtained fromand even if one account is compromised, it would not provide access to the victim’s other accounts.
Additionally, the registration creates a unique identifier for the site. This improves privacy, as it’s impossible to track a user from one site to another. Finally, the process is very simple to apply and fast to use. Websites must use the WebAuthn API, which is therefore standard. Users do not need to enter their username and password, they just need to activate their ID, as if to put their finger.