A common authentication system, called FIDO, could be released within a year, say industry giants.
(illustration) (AFP / KIRILL KUDRYAVTSEV)
“Did you forget your password?”. The hassle of unique passwords to remember could soon become history within a year thanks to the “FIDO” system.
Google, Apple and Microsoft announced an agreement on Thursday, May 5 to create this protocol,
which allows you to verify yourself on the Internet without having to memorize a number of signs.
Smartphone in the center of the game
“With the new feature, consumers will be able to authenticate to websites and mobile applications easily, without passwords and securely, regardless of device or operating system,” the FIDO association summed up. Alliance (Fast Identity Online Alliance) in a press release.
Since 2012, it has brought together industry players to work on common authentication systems.
The goal, Google explains, is for users to be able to connect to an online service simply by unlocking their smartphone (via their usual method: fingerprint, face recognition, multi-digit code, etc.)
Specifically, a website can ask the Internet user if he wants to “verify himself with his FIDO ID”. This message will appear at the same time on his phone, where the user will simply have to agree, by unlocking his screen, to log in to the site. Smartphones will retain these encrypted IDs, called “passkeys”.
The three tech giants have pledged to implement this new system within twelve months, on Android and iOS (Google and Apple’s mobile operating systems), Chrome, Edge and Safari (Google, Microsoft’s browsers and Apple) and Windows and macOS (Microsoft and Apple PC operating systems).
From “azerti” to “dudu”, exposed codes
“Password-only authentication is one of the most important security issues on the Web,” Apple said in a statement. Unable to manage so many different passwords, individuals often reuse the same password, facilitating account acquisition, data leakage, and identity theft.
According to a study by the mobile security company Lookout, millions of users prefer widespread and insecure passwords, which are likely to be targeted by hacks.
The five most used passwords in the world are: 123456, 123456789, qwerty, password and 12345.
In France, the two most common combinations remain 123456 and azerty.
According to an ExpressVPN study transmitted by PresseCitron, another insecure password recently appeared: doudou
“The new approach will protect against phishing, and logging in to a service will be radically more secure than passwords and other technologies, such as one-time passwords sent via text messages,” adds the iPhone maker.
The three American companies made their announcement on the occasion of World Password Day. Alex Simons, vice president of Microsoft, told the FIDO Alliance press release about a “complete transition to a world without passwords” where “consumers would get in the habit of going without them on a daily basis”.