Apple, Google, Microsoft and the FIDO Alliance want to do away with passwords

Yesterday, on World Password Day, Apple, Google and Microsoft jointly released a statement of their desire to put an end to passwords. The objective: to get rid of a protection measure considered the weak link in security today, and to promote stronger authentication.

The problem with passwords has been known for a long time. Even today, far too many people not only create passwords that are too weak, but also reuse them for convenience.

It must be said that the technique has obvious practical limits. It was by far the easiest method to protect access… when there were still few accesses to protect. Today, the situation is very different. With the multiplication of services that require creating an account, users face great difficulties.

Remember that ideally, a password should be unique, for a simple reason: since the same email address is often used, a stolen password must not be usable for other accounts, or it leads to a cascade of hacked accesses, with the consequences that we can imagine. In addition to being unique, these passwords must be strong: at least 12 characters long, with uppercase letters, lowercase letters, numbers, and special characters. Passphrases are a good way to shift the difficulty, but again you need a unique one for each account.

Password managers have greatly simplified all this mess. As we have mentioned in several articles, they make it easy to create very strong and unique passwords, to store them and to automatically fill in forms when browsing the web. Some work very well in mobile environments and can also fill in fields in applications. They also have a weakness: the data is protected by a password, which must be simplified to effectively secure access.

Even though managers are an important step, the fact remains that passwords themselves are far from a panacea. In the event of a leak at a service provider, the user must react quickly and change their credentials, even if the law requires companies to notify the persons concerned. In addition, unless you created your first passwords with a manager, installing one should ideally be followed by a long phase of replacing your old passwords.

To secure these accesses, the second factor was created. Often sent in the form of an SMS, the code can also be delivered via an Authenticator-type application. Some vendors, such as Microsoft, do not require a code, and instead ask the user to approve the notification issued by the application. This saves time compared to the code, but the whole process remains cumbersome.

It is in this context that Apple, Google and Microsoft have shown their common desire to put an end to this remnant of the past.

An extension of passwordless standards

