Goodbye Mind Load and Hello Security Promise Apple, Google and Microsoft

Over the years, Internet users’ scourge of spam, tsunamis of spam, has been pouring into our mailboxes from all sides together. But while it was on the verge of extinction, another tragedy turned upside down: the number of passwords continues to rise, with the rapid dematerialization of our communities. These passwords are asked every step of the way on the Internet, whether to link to its basic online services (security, banking, insurance, telecommunications, doctor, transportation, travel, etc.), even its various email accounts on its social networks, its online applications for the office, for leisure … There are plenty, and everyone has to create their own little emergency solution (Type A reminder systemujourdhuiA-N @ ntes-ilfaitB3au! And / or paper or digital list) Failing to finish in the water, nothing should be forgotten.

That’s what Graham Williams, managing director of identity and access to Thales, pointed to when he said World Passwords Day yesterday were passwords. “More and more dangerous” Because they were “Easy Hack”:

“Recent research shows that many CEOs still use ‘12356’ as their password.”

In fact, the other big problem is security, the risk that your account will be hacked – or even all of your accounts – and your data will not be accessible, or the ransom. It waits when it’s not obvious identity theft … in short, a heavy daily mental burden to manage, and a security order beyond human comprehension. Because, really immersed in their cognitive abilities, internet users use passwords that are very easy to guess, or always use the same password to make their life easier.

According to an old study by Skyhigh Networks (2016) Analyzing the 11 million passwords offered for sale on Darknet, 10.3% of Internet users use one of the 20 most popular passwords on the Internet. That means within 20 attempts, anyone can hack almost a tenth.

Shock Alliance to make the use of the Internet easier and safer

But the good news is that Internet giants Google, Apple and Microsoft announced on Thursday, May 5, World Password Day, that they will join forces to put an end to this test. A press release from Mountain View, Google’s stronghold, announces that the three giants will work together to create a system that allows recognition without having to memorize a series of efficient signs.

The new feature will enable websites and applications to provide consistent, secure and easy password-free logins to customers across all devices and platforms.

“With the new feature, users will be able to easily identify websites and mobile applications, without passwords, and securely regardless of device or operating system,” the FIDO Association said in a statement.

FIDO is a key component of this technological revolution, an alliance of manufacturers working to improve, facilitate and protect digital recognition. FIDO was officially launched in February 2013, but only a year ago, in 2012, PayPal was established by a consortium of major companies such as Lenovo and Nok, both validity sensors (both cryptography issues were created in 2009 around the public key). Nok Labs, Infineon and Agnitio. It was only in 2012 that work began on a password-free authentication protocol.

Since then, hundreds of technology companies and service providers around the world have worked with the FIDO Alliance and the W3C to create password-free login standards that are already supported by billions of devices. On all modern operating systems and web browsers (iOS, macOS, Safari, Chrome, Android, Edge, Windows, etc.), according to the FIDO press release.

Billions of devices … for billions of users: According to the site Internet live statistics, There are now 5.3 billion Internet users in the world. The number of Internet users increased by 10 between 1999 and 2013, and continued to accelerate (1 billion Internet users in 2005, 2 billion in 2010, and 3 billion in 2014).

Authenticate “Fido IDs” on all sites

In yesterday’s newsletter, Google explained that the goal is for users to be able to connect to an online service by unlocking their smartphone (through their custom mode: fingerprint, facial recognition, multi-digit code, etc.).

Specifically, a website may ask an Internet user to “authenticate himself with his FIDO identifiers”. This message will appear simultaneously on his mobile, where the user has to accept the connection to the site by opening his screen. Smartphones have these code identifiers called “passkey” (access key). Once registered with Fido, you do not need to create or enter a password.

Fido authentication is guaranteed to be accessible to all devices, regardless of operating system or browser, because the new device can be switched via Bluetooth using the first device already certified. There is no need to resort to SMS dual authentication referred to as Obsolete since 2016.

A solution within twelve months

All three technology giants have pledged to implement the new system on Android and iOS (Google and Apple’s mobile operating systems), Chrome, Edge and Safari (Google, Microsoft and Apple browsers) and Windows and Windows within twelve months. macOS (Microsoft and Apple operating systems for computers).

“Authenticating passwords only is one of the biggest security issues on the Internet”, Apple states in its statement that it adds:

“The new approach will protect against phishing and sign in to a service that is more secure than other technologies such as passwords and unique codes sent via SMS.”

To Andrew Shikier, Managing Director and CMO of the FIDO Alliance, “This new capability will lead to a new wave of FIDO processes Low friction Provides full range of deployment options for service providers, with continuous and growing use of security keys Modern, anti-phishing recognition. “

(With AFP and Reuters)