How to change the need for passwords

FIDO alliance board members include Amazon, Google, PayPal, RSA, Apple, Microsoft, Intel and Arm. Their mission is to reduce "overly dependent on passwords".

pass

Today, Wired reports that the team believes it has "finally located the missing piece of the puzzle" to finally succeed in adopting a large-scale technology to replace passwords.

On Thursday, the agency published one white paper (PDF) which describes FIDO's vision for resolving usability issues that occur in passwordless functions and seemingly prevented widespread adoption.

White paper is conceptual, not technical, but after years of investing in the integration of known standards without a password FIDO2 and WebAuthn on Windows, Android, iOS and others, all lead to the success of the next step….

FIDO is trying to get to the heart of the problem that makes passwordless systems difficult to use. The team concluded that everything ends up in the process of changing or adding devices. If the process of setting up a new phone, say, is very complicated and there is no easy way to connect it to all the applications and accounts already in use - or if some passwords need to be used at the same time - then most users end up to the conclusion that it is not worth the change.

  BulletsPassView See passwords behind dicks

The password-free FIDO standard is already based on a device biometric scanners (or a master PIN of your choice) to authenticate you locally without any of your data traveling over the Internet to a web server for authentication.

The main idea of ​​FIDO, which is believed to eventually solve the problem of new devices, is for all operating systems to implement a "FIDO" credential manager, which will be somewhat similar to a built-in password manager.

Instead of literally storing passwords, the device will store cryptographic keys that can be synchronized between devices and protected by a biometric lock or the lock of a single password. At Apple's World Developer Conference last summer, the company announced its own version of the mechanism described by FIDO, an iCloud feature also known as "Passkeys in iCloud KeychainWhich, according to Apple, is its "contribution to a world without passwords".

  Hacked the accounts of PLF2012 and YourAnonNews on Twitter

The FIDO white paper also includes another feature, a suggested addition to the specifications that would allow one of your existing devices, such as your laptop, to act as distinctive hardware, similar to Bluetooth standalone authentication dongles, and provides physical authentication via Bluetooth.

The idea is that the method will be essentially phish-proof, as Bluetooth is a proximity-based protocol and can be a useful tool for developing different password-free schemes.

For FIDO, the biggest priority is a change in the current account security model that the Phishing past…

Of course such a change will not happen overnight. If you only think about the difficulty of some to leave them Windows XP, the road will be painful.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

  + 7 = 13

Previous Story

Caution: Browser in the Browser attacks (BitB)

Next Story

Cyber ​​attack on ELTA. Their information systems are out of order