The of high-tech have joined forces to integrate together a secure and without whether on mobiles, or via the . They will make their products support the Fido Alliance passwordless login standard (Fast IDentity Online) and you World Wide Web Consortium. face scan, or will be the new universal sesame to unlock your device and find your data.
An alliance of convenience to strengthen security
The system will be all the more practical, if you change, for example, you will not need to log in the first time using your password and username. It’s been a while since the three companies integrated the components to support the Fido2 standard but, for now, it’s still mandatory to log in to accounts at least once by entering credentials.
With the new system and itsunique activated by the , for example, it will now be very difficult for hackers to steal a user account. According to the trio, the implementation of this passwordless standard will be implemented within a year and will work indiscriminately on macOS and its Safari browser, Android with Chrome or Windows and .
Outdated, passwords will disappear
Behind the name WebAuthn hides a new standard that proposes to abandon passwords in favor of biometrics or keyssecured.
Article by Fabrice Auclert, published on
The W3C (Word Wide Web Consortium), the main organization that manages web standards, and the Fido Alliance (Fast IDentity Online), an association of companies that aims to secure the web, have just announced also known as WebAuthn, which will allow you to get rid of passwords on websites.
These two organizations have teamed up to solve a major security problem:. Internet users use many accounts to access different websites, each with its own password. Faced with the difficulty of creating so many different passwords and remembering them, it often happens that they leave the default ones or opt for passwords that are easy to remember, such as “1234”, or even that they use the same everywhere. They are then vulnerable to , or can be recovered by infecting the victim’s computer. If the person used the same for multiple accounts, they may all be compromised.
There are a few solutions to increase security, such as password managers or multi-factor authentication with, for example, an SMS confirmation code, but this is not enough in the long term. NewFido2 provides enhanced security, while simplifying use by eliminating passwords. Concretely, it is composed of two elements. First of all, an authentication, thanks to (such as a fingerprint reader or a camera), but also a mobile device or a Fido security USB key. The second element is the WebAuthn which allows, in particular, browsers and websites to exchange in a secure way in order to identify themselves.
Major browsers had already anticipated the adoption of WebAuthn.integrated the API into version 60 of its Firefox browser, released in May 2018. Google followed suit just a few days later with version 67 of , then Microsoft followed with its Edge browser, and Apple with Safari. This new standard is supported on et Android.
A more convenient system and enhanced security
The standardization of WebAuthn, which therefore makes the Fido2 system available to all websites, brings several advantages. Identifiers are unique for each website, and no secret information is exchanged. It does not send passwords or biometric data. It is therefore not possible to obtain them byand even in the event that one account is compromised, it would not give any access to the victim’s other accounts.
In addition, registration creates a unique identifier for the website. This improves privacy, since it is then impossible to follow a user from one site to another. Finally, the process is very simple to implement and quick to use. Sites must use the WebAuthn API, which is therefore standardized. Users do not have to enter their username and password, they just need to activate their identification system, such as putting their finger on.