FIDO, the passwordless future standard (which Apple, Google and Microsoft are betting on) – Corriere.it

At least eight characters, one special, numbers and uppercase letters. Creating a good password – and you need a new one for each account – is almost an enigma. Rules multiply. Especially, We have a lot of passwords: NordPass – one of the most used software that helps us manage it – calculates that Each of us uses an average of a hundred passwords. And the number is constantly increasing in an increasingly digital world. Then there is a problem safety: According to Avast, an antivirus company, More than 90% of traders are vulnerable to attack. It is inevitable that someone will wonder if there is a way to do without it. Starting with who invented the password. The sixties started when the computer world started Fernando Jose Corbato The Massachusetts Institute of Technology in Boston created the first computer system with a password to access files. Years later, now 87, he admitted that his idea became “Kind of a nightmareNightmare according to Bill GatesThe end will soon come. In 2004, the founder of Microsoft predicted that Passwords are nearing extinction. the reason? “They don’t face the challenge of keeping critical information secure.”

Alliance

And Bill Gates isn’t the only one who thinks passwords have and should be numbered. There is an alliance, videowhich has been working since 2012 to change the “nature of authentication”. Among the members, we find the biggest tech giants who together are trying to organize a happy passwords funeral. They are in particular Apple, Google and Microsoft To bet in an important way on this new standard Which should ensure greater security on the Internet, freeing us from the “slavery” of passwords. Security, yes, because the most used authentication system today doesn’t really allow us to protect our accounts. Calculate World Economic Forum who – which 80% of corporate data breaches are caused by weak passwords. On management and oversight each company spends an average of $1 million per year.

HOW FIDO SYSTEM WORKS

Here then the FIDO Alliance is working on an alternative, in collaboration with the World Wide Web Consortium. also called “passkey” It works like this: When registering for an online service, the device – a smartphone, so to speak – creates New pair of keys. who – which Spread It is stored on the device itself, meanwhile public It was registered by the app or website. When the user wants to enter it later, iThe device must “prove” that it has its own service key. The private key is unlocked by entering a PIN, facial recognition, or any other tool we use to unlock your phone, PC or tablet. A bit like a password manager, there is only one password (in this case, smartphone authentication) to remember.

Collaboration between Apple, Google and Microsoft

The goal is to make this protocol a reality.”in the next yearsIt is not easy, but the conditions are there. Especially, There is cooperation between the three operating system suppliers: apple (iOS and OS), The Google (Android) and Microsoft (Windows). To be effective, the standard must already be cross platform It is compatible with any device at hand. So far, however, the scheme has included requiring users to access every website or app with every device before being able to use the password-less feature (the device, after all, keeps the private key). Grandma announced the occasion of password day It’s all here: Allow users to use the Passkey even on new smartphones or computers, without having to authenticate again, no matter what operating system or browser they’re using. Explained on White papers: “If a user sets up a certain number of FIDO credentials for different trusted parties on their phone, and then gets a new phone, that user should be able to expect all of their FIDO credentials to be available on the new phone. This means that users no longer need to passwords: when they move from one device to another, their FIDO credentials are already there and ready to be used for anti-phishing authentication.” This, it has been emphasized, is not a change in the standard, but merely a need for cooperation between vendors.

Biometrics and two-factor authentication

To overcome the problem of too many and weak passwords, so far, there are two ways. The first is Two-factor documentation. Definitely more secure, it’s a system that involves entering a password and then re-testing it with other custom generated information, OTP (password for one timewhich are sent to us via email or text and are valid for a few minutes) or 1 minute notice on a pre-authenticated device. A possible alternative, already prevalent in some of its forms, is fingerprints, that technology that turns a unique feature of the body into an authentication system. We already use it for smart phone lockWith fingerprint or facial recognition. There are other systems. Like Voice recognition, which determines the sound waves of our voice, tone, tone. or the Recognize the iris of the eyethrough infrared light, and behavioral biometricsWhich studies user behavior patterns. So far, biometrics still does not allow to completely get rid of the use of a file backup code – If authentication fails – but there are those who are betting that this will be the way out of the bondage of passwords. On the other hand, it is our body, in this case, that provides us with the material to secure the accounts. This is a strength but also a weakness: if our themes are cloned, how can we “change the password” because the password is part of us? There is no shortage of doubts about aggregate: In addition to the issues with biometric component theft – which basically amounts to stealing part of our identity – there is the data storage problem. We must make sure that this information is stored on secure servers and is not used for secondary purposes such as monitoring. And if in some cases, like the big tech giants, we can be pretty sure our data is being held, we certainly can’t rely on biometrics for every online authentication. But biometrics should be a great ally to this password-free system being created by the FIDO Alliance.