In a joint statement issued by FIDO recently, Apple, Google and Microsoft said they would further expand the standards Technical for login without password, which would allow users to log in to network services in a more intuitive and secure way.
And it is that passwords are susceptible to hacks and can be difficult for users to manage. To address those issues, Apple, Google, and Microsoft have been helping lead an industry-wide effort to stop using passwords as the primary means of logging into apps.
All three tech giants plan to release new login features that will allow their users to log into a website or app without entering a password. According to the companies, users will be able to log into a service simply by unlocking their smartphones.
In the previously proposed account login method for web services, Google and Apple have proposed mechanisms to log in to various network services with their own accounts, and Microsoft has also verified login identities through email messages. text or calls to ensure user login security and convenience.
"To sign in to a website on your computer, you'll just need your phone nearby and you'll simply be prompted to unlock it to access it," explained Sampath Srinivas, Google's director of product management for secure authentication, in a blog post today. . "Once you've done this, you won't need your phone again and can log in simply by unlocking your computer."
Therefore, the purpose of establishing FIDO Alliance is to solve the problems caused by traditional authentication methods of passwords through technology. It allows users to link with many network services by linking Apple, Google, and other service accounts, and then use these accounts to identify service login identities.
In addition, it can also be combined with biometric identification methods such as digital password (pincode), fingerprint or facial for identity verification, and even through the user's mobile phone and other devices for identity verification, which simplifies the difficulty of log in to many network services, and also ensures privacy and security when logging in.
The new passwordless login features will also include a built-in fallback mechanism:
"Even if you lose your phone, your passkeys will be securely synced to your new phone from the cloud backup, allowing you to pick up right where your old device left off," Srinivas wrote.
upcoming capabilities are based on technical standards developed by two industry groups, FIDO Alliance and World Wide Web Consortium. Apple, Google, and Microsoft played key roles in developing the standards. In addition, companies already implement passwordless login technology that they have helped develop in various products.
"Just as we design our products to be intuitive and capable, we also design them to be private and secure," said Kurt Knight, Apple's senior director of platform product marketing. “Working with the industry to establish new, more secure login methods that offer better protection and eliminate password vulnerabilities is critical to our commitment to building products that offer the highest security and a transparent user experience.”
Along with announcing upcoming features, Microsoft added passwordless login support to two of its offerings. The first is its Windows 365 Cloud PC tool, which allows users to sync their PC apps and settings across multiple devices. Microsoft also added a password login capability to its Azure Virtual Desktop service, which allows companies to provide cloud-based desktops for their workers.
Microsoft plans to implement additional cybersecurity enhancements in the future.
"You can use Windows Hello today to sign in anywhere that supports passcodes, and in the near future, you'll be able to sign in to your Microsoft account with a passcode from an Apple or Google device," said Alex Simons, vice president corporate program management team in the Azure division of Microsoft Corp.
Apple, Google, and Microsoft are also working to make their platforms more secure in other ways. The new features are expected to be available within the next year.
Source: https://fidoalliance.org
This is not "for the convenience of the user" nor to avoid the "problems" (?) of the users to manage the passwords. It is plain and simple so that all activity on the network can be related to the real user, with name and surname, thus ending anonymity.
And no, anonymity is not bad. If someone commits a crime, your service provider knows your IP and can give it to a judge, upon order. Anonymity does not equal impunity. Ending anonymity allows private companies to have access to ALL your activity on the network, without you knowing why, or what they use it for.