Apple, Google, and Microsoft announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
This allows websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
Google says, “This will simplify sign-ins across devices, websites, and applications no matter the platform — without the need for a single password. These capabilities will be available over the course of the coming year.”
Realistically, when the user signs in to a website or an application on his phone, he only has to unlock his phone; and the account will no more need a password.
“Instead, your phone will store a FIDO credential called a ‘passkey’ which is used to unlock your online account. The passkey makes signing in far more secure, as it’s based on public-key cryptography and is only shown to your online account when you unlock your phone”, explains Google in a blog post.
Thus the user will not require the phone again, they can just sign in by unlocking the computer.
“Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off”, says Google.
This new passwordless authentication gives users two new capabilities for more seamless and secure passwordless sign-ins:
According to FIDO Alliance, “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”.
The expanded new approach will give websites and apps the ability to offer an end-to-end passwordless option.
“Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN”, the FIDO alliance. Hence, this new approach protects against phishing, and sign-in will be drastically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…