Google lines up with Apple and Microsoft to nix passwords in favor of nearby-device authentication

A trio of tech giants want you to phone in your next password.  No, not by falling back to some easily-memorized password, but by using your smartphone to log you into another nearby device of yours, such as your laptop. Google has announced that it would support a passwordless sign-on system in the Android and Chrome operating systems. In addition, Apple and Microsoft said they will do the same in their operating systems and browsers. That will allow you to mix and match platforms—say, using an Android phone to whisk you into an account in Safari on a Mac, or an iPhone to log in on Edge on a Windows PC. It will work a bit like a USB security key does now for a laptop or desktop, except that where those compact fobs from Yubico and others still expect you to type in your password first on that device, here unlocking your phone near the other computer will suffice. These joint announcements on World Password Day (one of the worst celebrations of bureaucratic annoyance, after Tax Day), builds on earlier moves to eliminate the password as the primary defense for an account. In this new passwordless world, you might still create an account with a traditional username and password, but associating that account with your (properly secured) smartphone will take the place of the traditional string of characters. “In the past, our logins would be passwordless in certain situations, but you couldn’t really get rid of the password,” says Sam Srinivas, director of authentication security at Google. [Image: courtesy of Google]There’s an obvious benefit to not having to remember a password (or the master password to the password manager that you should be using). The less obvious upgrade: This passwordless architecture, like USB security keys, is phishing resistant. Your phone will ignore requests from a fake site for the cryptographically secure passkey that authenticates you at the real site, just as a USB security key will disregard lookalike fake pages that could fool a human. If an attacker somehow obtains the original password to an account or steals a computer on which that login is saved, tricking you into letting them in with a tap of a notification prompt on your phone won’t work. “This is MFA done right,” says Srinivas, who doubles as president of FIDO Alliance, an industry group that develops post-password security standards. “It’s only going to work if you’re right next to the computer”—as verified with Bluetooth short-range wireless. USB security keys were an earlier product of FIDO, short for “Fast IDentity Online.” While they also can’t be remotely exploited, they cost extra, usually starting at $20, and require their own separate enrollment before use. They’re also yet another small object to remember—and then maybe to lose. “When we started on this journey with FIDO, physical proximity was the magic touch,” says Christiaan Brand, senior product manager at Google. “With this particular piece of technology, we’re bringing that back in.” But giving your smartphone an even bigger security rule also increases the risk attached to its loss or theft. An attacker who could defeat its biometrics or guess your screen-unlock code or pattern might be in a position to start rolling up all your accounts, although that’s also a risk with mobile password-manager apps. (Reminder: Reusing passwords—a bad habit that people repeatedly admit to indulging—all but guarantees that the compromise of one account, perhaps in a data breach, will only endanger others.) Losing a smartphone definitely risks inconvenience, although the passkeys saved on it are synced automatically and securely (and, Srinivas clarified, aren’t subject to backup-storage quotas). Until you get a new phone and restore that from backup, for example, signing into a new device won’t work unless you have a backup authentication method handy. But that, too, is the case if you lose a phone you’ve used as a second authentication factor or on which you run a password manager. Srinivas says he continues to recommend using separate USB security keys “for extremely sensitive situations” (think accounts that are core to a highly visible online identity or which offer control of large sums of money). For that matter, Google itself is not ready to ditch passwords in its account-creation flow, and Srinivas says he expects that to continue “for a few more tomorrows.” But even if today’s news falls short of its promise (and we’ve all bought into the false hype before), a login experience that is not so much passwordless but does qualify as password-light would still rank as an upgrade. “The password is fundamentally phishable,” says Srinivas.

https://www.fastcompany.com/90749268/google-lines-up-with-apple-and-microsoft-to-nix-passwords-in-favor-of-nearby-device-authentication?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Létrehozva 3y | 2022. máj. 5. 13:21:41


Jelentkezéshez jelentkezzen be

EGYÉB POSTS Ebben a csoportban

GameStop’s Nintendo Switch 2 stapler sells for more than $100,000 on eBay after viral mishap

From being the face of memestock mania to going viral for inadvertently stapling the screens of brand-new video game consoles, GameStop is no stranger to infamy.

Last month, during the m

2025. júl. 11. 12:50:04 | Fast company - tech
Don’t take the race for ‘superintelligence’ too seriously

The technology industry has always adored its improbably audacious goals and their associated buzzwords. Meta CEO Mark Zuckerberg is among the most enamored. After all, the name “Meta” is the resi

2025. júl. 11. 12:50:02 | Fast company - tech
Why AI-powered hiring may create legal headaches

Even as AI becomes a common workplace tool, its use in

2025. júl. 11. 12:50:02 | Fast company - tech
Gen Zers are posting their unemployment era on TikTok—and it’s way too real

Finding a job is hard right now. To cope, Gen Zers are documenting the reality of unemployment in 2025.

“You look sadder,” one TikTok po

2025. júl. 11. 10:30:04 | Fast company - tech
The most effective AI tools for research, writing, planning, and creativity

This article is republished with permission from Wonder Tools, a newsletter that helps you discover the most useful sites and apps. 

2025. júl. 11. 10:30:04 | Fast company - tech
Tesla sets annual meeting for November amid shareholder pressure

Tesla has scheduled an annual shareholders meeting for November, one day after the

2025. júl. 10. 20:40:02 | Fast company - tech