Latest News
New passwordless sign-in standard uses phone authentication for all log-ins
By |
9th May, 2022 |
Categories:
An initiative supported by Apple, Google and Microsoft aims to do away with the password and replace it with the “passkey” standard.
The three major OS vendors say the intention is to “make the web more secure and usable for all”.
Instead of requiring a long string of characters to log in, the common passwordless sign-in standard will have apps and websites push a request to the user’s phone for authentication.
It’s a familiar system for anyone with phone-based two-factor authentication, but the idea is that this will be a replacement for the password rather than an additional factor.
The standard was created by the FIDO Alliance and the World Wide Web Consortium, which claim that it will enable consistent, secure and easy passwordless sign-ins across devices and platforms.
Users will sign in through the same action that they take to unlock their devices, such as verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in is expected to be “radically more secure” when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
“Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services,” the FIDO Alliance said. “This practice can lead to costly account takeovers, data breaches and even stolen identities.
“While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.”
The latest announcement adds two new capabilities for more seamless and secure passwordless sign-ins:
- Allow users to automatically access their FIDO sign-in credentials (passkey) on many of their devices, even new ones, without having to re-enrol every account.
- Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
These new capabilities are expected to become available across Apple, Google and Microsoft platforms over the course of the coming year.
Protect all of your devices with gadget insurance from Gadget Cover. In addition to accidental damage and theft as standard, with the option of loss cover on mobile phones, tablets and smartwatches, our policies offer a range of additional benefits including accessories cover.