For years, the scourge of Internet users was spam, the tsunami of junk mail that converged from all sides to spill into our mailboxes. But while spam is on the verge of extinction, another scourge has taken its place: passwords, whose number keeps growing with the galloping digitization of our societies. Passwords are demanded of us at every step on the Internet, whether to log in to basic online services (security, banking, insurance, telecommunications, doctor, transport, travel, etc.), to social networks, to various email accounts, or to web applications for office work and leisure. They abound, and everyone has to devise their own makeshift solution (a mnemonic scheme of the type AujourdhuiA-N@ntes-ilfaitB3au! and/or a paper or digital list) so as not to forget a single one, or risk being left high and dry.
That is exactly the point Grahame Williams, Thales’s Director of Identity and Access Management, made yesterday on World Password Day, when he said that passwords had “become more and more dangerous” because they were “easily hacked”:
“Recent research shows that many CEOs still use ‘12356’ as their password.”
Indeed, the other big problem is security: the risk that one of your accounts, or even all of them, is compromised, and that you can no longer access your data unless you pay a ransom. When it is not outright identity theft that lies in wait … In short, passwords are a heavy daily mental burden to manage and a security requirement that exceeds human capacity. Overwhelmed beyond their cognitive abilities, Internet users end up choosing passwords that are very easy to guess, or even always the same one, to simplify their lives … and, in doing so, the lives of the fraudsters of all kinds lying in ambush.
According to an older study (2016) by Skyhigh Networks analyzing 11 million passwords offered for sale on the Darknet, 10.3% of Internet users use one of the 20 most popular passwords. This means that in fewer than 20 attempts, anyone could hack almost one in ten accounts.
A heavyweight alliance to simplify and secure Internet use
But good news is on the way: the Internet giants Google, Apple and Microsoft took advantage of World Password Day on Thursday, May 5, to announce that they are joining forces to put an end to this ordeal. A press release issued from Mountain View, Google’s stronghold, announces that the three giants will work together to create a system that allows authentication without having to memorize a series of cabalistic signs.
The new feature will allow websites and applications to offer consumers consistent, secure and easy password-free connections across all devices and platforms.
“With the new feature, consumers will be able to authenticate to websites and mobile applications easily, without passwords and securely, regardless of device or operating system,” the FIDO Alliance (Fast Identity Online Alliance) summed up in a press release.
At the heart of this technological revolution is FIDO, an alliance of manufacturers working to improve, facilitate and secure digital authentication. FIDO was officially launched in February 2013 but was founded a year earlier, in 2012, by an alliance of big players like PayPal, Validity Sensors (these two are the original core, formed in 2009 around public key cryptography issues), Lenovo, Nok Nok Labs, Infineon and Agnitio. It was in 2012 that work began on a password-free authentication protocol.
Since then, hundreds of tech companies and service providers around the world have worked through the FIDO Alliance and the W3C to create password-free sign-in standards that are already supported by billions of devices running on all modern operating systems and web browsers (iOS, macOS, Safari, Chrome, Android, Edge, Windows, etc.), according to the FIDO press release.
Billions of devices … for billions of users: according to Live Stats, there are currently 5.3 billion Internet users worldwide. The number of Internet users grew tenfold between 1999 and 2013, at a constantly accelerating pace (1 billion Internet users in 2005, 2 billion in 2010, 3 billion in 2014).
“Fido IDs” for authentication across all platforms
In yesterday’s press release, Google explains that the goal is for users to be able to connect to an online service simply by unlocking their smartphone (using their usual method: fingerprint, face recognition, multi-digit code, etc.).
Specifically, a website can ask the Internet user whether they want to “verify himself with his FIDO ID”. This prompt will appear at the same time on the user's phone, where they will simply have to accept, by unlocking the screen, to log in to the site. Smartphones will store these encrypted IDs, called “passkeys”. Once you have registered with FIDO, you will no longer need to create or enter a password.
The promise is that FIDO authentication will work regardless of operating system, browser or device, as it will be possible to set up a new device via Bluetooth using a first device that already holds the credentials. It will also no longer be necessary to use two-factor authentication via SMS, which has been considered obsolete since … 2016.
A leap solution, in twelve months
The three tech giants have pledged to implement this new system within twelve months, on Android and iOS (Google's and Apple’s mobile operating systems), Chrome, Edge and Safari (the browsers of Google, Microsoft and Apple) and Windows and macOS (Microsoft's and Apple's PC operating systems).
“Password-only authentication is one of the biggest security issues on the web,” Apple notes in its statement, which adds:
“The new approach will protect against phishing and logging into a service will be radically more secure than passwords and other technologies, such as unique passwords sent via SMS.”
For Andrew Shikiar, Executive Director and CMO of FIDO Alliance, “This new capability should launch a new wave of low-friction FIDO applications in parallel with the continuous and increasing use of security keys, giving service providers a full range of options for developing modern, phishing-resistant authentication.”
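Why a passkey sign-in resists phishing, as an added example (not code from the article or from the FIDO Alliance): in WebAuthn, the W3C side of FIDO, the browser writes the page's origin and the server's challenge into the `clientDataJSON` that the authenticator signs, so the service can reject a response produced on a look-alike site. The origin `https://bank.example`, the sample challenge and the function names are assumptions; verifying the signature itself with the stored public key is a separate step not shown here.

```javascript
// Relying-party check of WebAuthn clientDataJSON (added illustration).
// EXPECTED_ORIGIN and every sample value below are constructed assumptions.
const EXPECTED_ORIGIN = 'https://bank.example';

// base64url (unpadded) helpers built on Node's Buffer
function b64urlEncode(buf) {
  return Buffer.from(buf).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(str) {
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// issuedChallenge: the random bytes the server stored for this login attempt.
// clientDataB64: the base64url clientDataJSON returned by the browser.
function checkClientData(clientDataB64, issuedChallenge) {
  let data;
  try {
    data = JSON.parse(b64urlDecode(clientDataB64).toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed clientDataJSON' };
  }
  if (data === null || typeof data !== 'object') {
    return { ok: false, reason: 'malformed clientDataJSON' };
  }
  if (data.type !== 'webauthn.get') {
    return { ok: false, reason: 'wrong ceremony type' };
  }
  if (data.challenge !== b64urlEncode(issuedChallenge)) {
    return { ok: false, reason: 'challenge mismatch' }; // replayed or stale response
  }
  if (data.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: 'origin mismatch' };    // produced on another site
  }
  return { ok: true, reason: 'client data accepted' };
}

// Constructed sample of what a browser reports for a given origin.
function sampleClientData(origin, challengeBytes) {
  const json = JSON.stringify({
    type: 'webauthn.get', challenge: b64urlEncode(challengeBytes), origin });
  return b64urlEncode(Buffer.from(json, 'utf8'));
}

const challenge = Buffer.from('constructed-nonce'); // a real server uses random bytes
console.log(checkClientData(sampleClientData('https://bank.example', challenge), challenge));
console.log(checkClientData(sampleClientData('https://bank-example.login.test', challenge), challenge));
```

A password typed into the look-alike page would be captured and reusable; here the look-alike's response fails the origin check, and a response recorded earlier fails the challenge check.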
(with AFP and Reuters)