[The Epoch Times, June 8, 2022](Comprehensive report by Wu Ruichang, reporter of The Epoch Times Special Department) As people often need to enter more and more passwords in their daily lives, many people often forget their passwords, and even choose to use the same password to prevent forgetting. . Therefore, the three tech giants have teamed up with FIDO to create a password-free world and solve the problem that people often forget their passwords.
Apple, Google, Microsoft, Fast IDentity Online (FIDO) and the World Wide Web Consortium (W3C) jointly announced a plan in May to jointly create a common passwordless login standard.
FIDO hopes to promote simpler and stronger authentication standards and network identification standards, and to change the authentication mode in the way of public key encryption (Public Key Cryptography), expand the interoperability of authentication, and reduce people’s dependence on passwords.
The plan mentioned that relying only on passwords for authentication in the past has become a major security issue on the Internet. Coupled with the need for consumers to manage and remember multiple passwords, many consumers use the same password to log in to different services.
This practice can be costly. When one account is stolen, it means that multiple accounts are at risk of being stolen, and at the same time, it brings many problems such as data and identity leakage. Currently using password managers and traditional two-factor authentication methods (text and email verification), problems such as phishing are gradually improved.
According to a new study by NordPass, of the more than 290 million data breaches worldwide, 1.1 million password breaches used “123456” as the password, which is also one of the most commonly used passwords by CEOs worldwide. The fields to be visited include technology, finance, construction, healthcare, etc.
Cross-platform will realize passwordless login
The new plan announced now, will provide users with 2 new functions. These new features will allow consumers to log in passwordless across multiple websites, apps, devices and platforms with a single key, breaking the way people used to have to log in everywhere when using passwordless features .
The first new feature allows users to automatically access their FIDO login credentials (key or password) on multiple devices (including brand new ones) without re-registration for each account, similar to a master key.
The second new feature allows users to use FIDO authentication on mobile devices, allowing nearby devices to log in to apps or websites, regardless of the system running on the device (for example, Windows, MacOS, Android, IOS, etc.) or different Browsers (eg, Safari, Chrome, etc.) can still communicate with each other. Apple, Google and Microsoft platforms are expected to implement these new features within the next year.
Mobile phones could be the medium for passwordless platforms
Thibaut Henin, a Montpellier-based computer forensics expert and editor of the popular cybersecurity website Les Assouyes, pointed out that “the idea is to replace your password with your phone,” according to RFI. Specifically, after obtaining an authentication key on the FIDO website, verify it with other websites.
Bertrand Carlier, a cybersecurity expert at consulting firm Wavestone, explained that using passwordless itself requires something to authenticate itself. From a technical point of view, the technology used by FIDO is based on an asymmetric cryptography system.
He added, “The principle of passwordless execution is the use of private and public keys. The private key is stored in the chip of the individual’s mobile phone, while the public key is encrypted to the server using a digital password, and when the two keys are combined in the Together, you can identify the user. With that, you can’t go wrong with authentication.”
Jake Moore, global cybersecurity consultant at computer antivirus software company ESET, told the Daily Mail that while the three tech giants are paving the way, there is still a lot of work to be done when it comes to password security. Yes, there is still a long way to go before the popularity of passwordless.
Moore added that passwords play a critical role in account security because they can be easily changed when they are attacked or compromised, rather than relying directly on a unique device for identification, such as on a smartphone or smartwatch .
He also said that nothing can stop hackers, who may use the viewing function to bypass passwordless logins, and like any new technology used in the past, it looks good at first, but the future is unpredictable.
Expert: New way to effectively prevent hackers
In a joint announcement of a plan in May, Andrew Shikiar, CEO and chief marketing officer of the FIDO Alliance, said the viability and ubiquity of passwordless authentication was the key to mass adoption.
He continued, “As the use of security keys continues to evolve, Apple, Google and Microsoft have committed to support this authentication on their platforms and products to achieve the goal of being passwordless, and this new feature provides more comprehensive options, Prevent those phishing (fake) authentication methods.”
“These coalitions and companies are pioneering the move to passwordless, allowing Americans to use the web in a more secure way,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). An important milestone in cybersecurity as we move away from traditional passwords.”
Kurt Knight, senior director of platform product marketing at Apple, Mark Risher, senior director of product management at Google, and Alex Simons, vice president of identity program management at Microsoft Similar views were also made.
Grahame Williams, director of identity and access management at French defence, space and security electronics group Thales, told the Daily Mail that passwords were becoming “increasingly insecure” And “easy to be hacked”. Now the industry needs to turn to newer technologies to improve its own security and protect user data.
Editor in charge: Lian Shuhua