FIDO sign-in system does away with passwords.
Securely sign in across different platforms.
Passkeys sync from cloud backup.
Introduction:
Google today announced plans to implement support for passwordless logins in Android and the Chrome web browser to allow users to
seamlessly and securely sign in across different devices and websites irrespective of the platform. This will simplify sign-ins across
devices, websites, and applications no matter the platform without the need for a single password.
Details:
Apple and Microsoft are also expected to extend the support to iOS, macOS, and Windows operating systems as well as Safari and Edge browsers. The
common Fast IDentity Online (FIDO) sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone
when signing into a website or an application.
Currently:
This is made possible by storing a cryptographically-secured FIDO credential called a passkey on the phone that is used to log in to the
online account after unlocking the device. Once you've done this, you won't need your phone again and you can sign-in by just unlocking your computer.
Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device
left off. With passkeys, the goal is to enable sign in from any device regardless of the platform or browser the device is running. Users can sign in on a
Google Chrome browser that's running on Microsoft Windows, using a passkey on an Apple device.
Additional Security Info:
The new passwordless sign-in capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year. Users
will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face,
or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies
such as one-time passcodes sent over SMS.
Closing:
In a way the method can be viewed as an extension of its own Google prompts for logging into accounts secured with two-factor authentication (aka 2-Step Verification). The
development comes as code hosting platform GitHub announced that it will require all users who contribute code on GitHub.com to enable one or more forms of two-factor
authentication (2FA) by the end of 2023 to prevent account takeover attacks.
Reference link for the full story:
Google to Add Passwordless Authentication Support to Android and Chrome
This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
#google #fido #passkeys