Will We Be Able To Do Without Passwords in the Future? Google, Apple, and Microsoft Believe So.
Driven by these Web giants, the Multi-device FIDO standard is expected to take hold in the coming years.
Numbers and letters. Upper and lower case letters. At least eight characters, including at least one punctuation mark. To watch a movie, check your bank account, read an article on a website or access a social network, passwords have become indispensable to our connected lives. And they have to be increasingly complex.
According to a study conducted in 2020, each of us would use an average of a hundred different passwords ... Since no human being can remember so many, we have developed different methods of circumvention. Some people always use the same passwords, which is of course the worst method. In case of data leakage, hackers will be able to access all accounts protected by the same password. Others write them down in a notebook near their PC, which is not a very good idea either.
Others use a password manager, a kind of digital safe containing all the passwords of a user. Internet giants such as Apple or Google offer these, along with specialized players such as Dashlane, NordPass, 1Password, etc. Their tools automatically connect the user to sites or applications and are themselves protected by a single password that unlocks all accounts.
This is great on paper, but it adds a point of fragility: if this one-time password is compromised, the attacker has access to all the passwords of your manager.
How to go further? By deleting passwords altogether!
That's the goal of FIDO (Fast IDentity Online) Alliance, a digital industry grouping launched in 2012 to find a more secure and simpler solution for users. FIDO was launched to combat data leaks, which are almost always password-related. The idea is that reducing our reliance on passwords would limit cyberattacks.
The shape of the face or the fingerprint will serve as a sesame
After a decade of research and initiatives with little public visibility, the work is coming to fruition. Last month, Apple, Microsoft, and Google announced their support for a new identification technology, called “Multi-device FIDO”.
In the wake of this, Apple presented on June 6, 2022, at its WWDC developer conference, a tool called Passkeys that is based on this technology, and will be integrated into future operating systems for Macs, iPhones, iPads, or Apple TV.
Instead of entering passwords, users will be able to use the biometric sensors (face shape or fingerprint) of their device to identify themselves on all sites and digital services that have adopted the FIDO solution. And this is just the beginning. In mid-June 2022, Microsoft announced the technology's arrival on its Azure cloud offering, and Google is expected to make announcements soon. The goal of FIDO members is to foster a standard, along the lines of Bluetooth, HDMI, or USB, says Andrew Shikiar.
Apple, Microsoft, and Google compete fiercely in many areas, but in some cases, they know how to cooperate. All of these companies, and hundreds of others, believe that a strong identification standard would benefit everyone.
Big advantages with FIDO … and a big disadvantage
Based on a system of public and private keys, the system is designed so that no passwords circulate on the network, thus reducing the risk of their being intercepted. At the same time, after an initial registration process, it is supposed to make life easier for Internet users, who will no longer have to create a password for each new service. And it works on different devices - using a Bluetooth connection, your phone can unlock access to a service on your tablet or computer.
This should be seen as a normal and logical evolution, aimed at making digital transformation more ergonomic for users. Biometrics is very ergonomic, as it allows for a more fluid operation. This fluidity of course hides increasingly numerous and complex security tools and protocols ...
The benefits of this approach are twofold: you won't have to remember new passwords for every application or website, and the application or website doesn't have to worry about losing users' passwords in case of a hack. But this represents a profound change: Internet users and service providers will outsource identification to an external provider, such the smartphone or operating system supplier.
We are moving from an owner mode to a renter mode, as was the case with music: you no longer own records, you rent access to your music to streaming platforms. We will give up the possibility to choose and manage our passwords ourselves, and entrust it to private companies like Google or Apple. This is not necessarily a bad thing, but we have to be aware of it.
The success of this initiative will depend above all on the service providers and websites, which will be free to adopt or not this solution, free for them. It will depend on the trust they are willing to give to the digital giants. It won't happen overnight in my opinion. I think adoption will be strong over the next few months, but it may take two or three years for users to see the difference on a large scale.
Some reading
The World Before the COVID-19 Pandemic Is Back, for the Worse. The world after so idealized seems to be only a utopia.
At the St. Petersburg Forum, Vladimir Putin Praises Russian Resilience While Castigating the West. Putin wants to save face, but the war in Ukraine that he started will lead his country into immense difficulties.
The Inconvenient Truth for BTC Haters – Bitcoin Uses 56x Less Energy Than the Legacy System. With Lightning Network, a Bitcoin payment becomes 194 Million X more energy efficient than a classical payment.