To celebrate ‘World Password Day’ (the first Thursday of May), Microsoft, Google and Apple are launching a ‘joint effort’ to stop the use of passwords. They want to ‘expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.’
The standard is being referred to as a ‘multi-device FIDO credential’ or a ‘passkey’. With this new method, the site or app the user is logging into would send an authentication request to the user’s phone. The user would need to unlock the phone and authenticate with a PIN before gaining access. The flow is similar to phone-based two-factor authentication.
This FIDO scheme works over Bluetooth because ‘Bluetooth requires physical proximity, which means that we now have a phishing-resistant way to leverage the user’s phone during authentication.’ On the security of this approach, FIDO noted that Bluetooth is used just ‘to verify physical proximity’ and that the actual log-in process ‘doesn’t depend on Bluetooth security properties.’
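The statement that the log-in ‘doesn’t depend on Bluetooth security properties’ follows from how FIDO/WebAuthn sign-in works in general: the phone signs a fresh challenge together with the site origin, and the site checks that signature against a public key stored at registration. The sketch below is an added example, not code from FIDO or from the source article; it is a simplified model (a real assertion also carries authenticator data), and the function names and the `.example`/`.test` domains are assumptions.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Registration, done once: the phone keeps the private key, the site stores the public key.
const passkey = generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Site side: a fresh random challenge for every login attempt.
function newChallenge() {
  return randomBytes(32).toString('base64url');
}

// Phone side: after the user unlocks the phone, sign the challenge together with
// the origin reported by the browser (simplified clientDataJSON; assumed layout).
function phoneSign(privateKey, origin, challenge) {
  const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  return { clientData, signature: sign('sha256', clientData, privateKey) };
}

// Site side: accept only a valid signature over this challenge and this origin.
function siteVerify(publicKey, expectedOrigin, expectedChallenge, assertion) {
  if (!verify('sha256', assertion.clientData, publicKey, assertion.signature)) return 'bad-signature';
  const data = JSON.parse(assertion.clientData.toString('utf8'));
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== expectedChallenge) return 'stale-challenge';
  if (data.origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

// Constructed scenarios. Everything phoneSign() returns is treated as visible to
// anyone on the phone-to-computer link; only the private key stays on the phone.
function demo() {
  const site = 'https://bank.example';
  const c1 = newChallenge();
  const genuine = phoneSign(passkey.privateKey, site, c1);
  const tampered = {
    clientData: Buffer.from(genuine.clientData.toString('utf8').replace(c1, newChallenge())),
    signature: genuine.signature,
  };
  return {
    genuine: siteVerify(passkey.publicKey, site, c1, genuine),
    replayed: siteVerify(passkey.publicKey, site, newChallenge(), genuine),
    lookalike: siteVerify(passkey.publicKey, site, c1,
      phoneSign(passkey.privateKey, 'https://bank-example.test', c1)),
    tampered: siteVerify(passkey.publicKey, site, c1, tampered),
  };
}

console.log(demo());
```

A captured assertion is useless against the next challenge, and one produced on a look-alike origin is rejected by the real site, so the link between phone and computer needs no confidentiality of its own.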
The passkeys can be backed up by a big platform holder like Google or Apple, similar to how a password manager can unite all your logins under one password. This would allow credentials to be transferred easily to a new device, prevent their loss and make it easier to sync passkeys across devices.
The FIDO blog post says: ‘These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.’ Apple has already set up a passkey system, but it is currently not compatible with other platforms. Google’s passkey support is already visible in Play Services, so as soon as it’s ready, all Android devices will be able to support it.
By Marvellous Iwendi.
Source: Ars Technica