Apple, Google, Microsoft agree to expand the use of passwordless authentication system 'passkey'
On May 5, 2022, Apple, Google, and Microsoft agreed to expand the use of the passwordless sign-in standard '
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins --FIDO Alliance
https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/
Apple, Google, and Microsoft want to kill the password with “Passkey” standard | Ars Technica
https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
'Passkey', which Apple, Google, and Microsoft have agreed to expand its use, is an authentication standard officially called 'multi-device compatible FIDO authentication credentials (multi-device FIDO credentials)'. Passkey refers to the type of authentication system introduced in so-called multi-factor authentication (both two-factor authentication) such as 'fingerprint / face authentication and PIN input on the smartphone side, one-time passcode input via SMS'. increase.
Below is an image of the FIDO Alliance explaining the flow when using a passkey. When a website or app asks you to sign in, a pop-up will appear on your smartphone asking you to authenticate.
When the user performs fingerprint authentication on the smartphone side, sign-in is completed. It's like signing in with multi-factor authentication without having to enter your ID and password.
According to a (PDF file) white paper published by the FIDO Alliance in March 2022, the passkey uses Bluetooth to allow the device requesting sign-in and the device authenticating to be physically close together. It is said that it will be confirmed. Since the communication itself is encrypted by the public key cryptosystem, it is said that it will be stronger in security than the conventional method that has problems such as being easily stolen by fraud such as password reuse and phishing .
Platforms such as Apple and Google will perform cloud backup of the authentication information used for the passkey, and will support synchronization between devices and account recovery in the event of device loss. With this announcement, passkey authentication is expected to begin in 2023 on Apple's iOS / macOS / Safari, Google's Android OS / Chrome, Microsoft's Windows / Edge, etc. However, since the passkey is already implemented internally in iOS 15, macOS Monterey, and Google Play version 22.15, it is expected that the deployment will start earlier than 2023.
Related Posts:
in Mobile, Web Application, Posted by darkhorse_log