Excellent John K. Kumi is a cryptocurrency and fintech enthusiast, operations manager of a fintech platform, writer, researcher, and a huge fan of creative writing. With an Economics background, he finds much interest in the invisible factors that causes price change in anything measured with valuation. He has been in the crypto/blockchain space in the last five (5) years. He mostly watches football highlights and movies in his free time.
According to reports, this new standard is called “Passkey” or “multi-device FIDO credential.”
The rise in cyberattack cases has left users with no option but to generate complex passwords made up of long string characters to secure their accounts. However, it seems this will change anytime soon. Global tech giants including Apple Inc (NASDAQ: AAPL), Microsoft Corporation (NASDAQ: MSFT), and Google LLC (NASDAQ: GOOGL) have joined hands to launch a campaign to kill the password. This is to mark the world password day celebrated on the first Thursday of May.
The decision to kill passwords is far advanced as “FIDO Alliance and the World Wide Web Consortium” have created a passwordless sign-in standard embraced by major Operating System vendors. It is admitted that long, complex, unique, and confidential passwords are very secure but are very hard to memorize, hence, the need to go passwordless. Also, the recent rise of phishing makes it easy for third parties to trick people into exposing their passwords. In terms of data breaches, hackers easily access and share usernames and passwords. On the dark web marketplaces, for instance, are huge databases of stolen credentials uploaded for sale.
According to reports, this new standard is called “Passkey” or “multi-device FIDO credential.” This has been designed for the app or website being visited to send a request to the user’s phone for authentication instead of entering a long string of characters as a password. The authentication can reportedly take the form of a pin or biometric.
With a lot of similarities to two-factor authentication, the scheme is aimed to replace passwords rather than being used as additional security. The difference is that some two-factor authentications only work over the internet. However, this new scheme works over Bluetooth. “Bluetooth requires physical proximity, which means that we now have a phishing-resistant way to leverage the user’s phone during authentication,” reads the whitepaper.
Bluetooth has been said to have compatibility problems. However, FIDO does not think this will be a problem as it is just needed to verify physical proximity and will not in any way rely on its security properties. Also, plans have been made to help users to synchronize their passkeys across other devices, prevent them from losing the credentials, and easily use them on new devices as they can be backed by Apple and Google.
“These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the coming year,” according to FIDO blogpost.
Many companies have over the years attempted to go passwordless but have been less successful. However, things are advancing very fast lately. Apple has started the Passkey trend which is working in iOS 15 and macOS Monterey. However, this is not compatible with other platforms.