On The Way To A Massive Attempt To Remove The Passwords From The World Of Users
Do You Have An Idea Of Authenticating And Maintaining Your Security In The Digital Space Without Relying On Passwords?
There is a massive effort to change the password and replace it with better methods.
For years, there has been talking of a tempting digital future without a password, but you may not have seen any sign of that dream coming true shortly. The FIDO Alliance has announced that we are one step closer to this goal, and the missing piece of the puzzle has finally been found. The focus of the Fido Alliance Industrial Association, or Fedo Union, is developing new secure authentication methods.
The Fido Union recently announced its vision for solving the problems of usability of its technology by publishing white papers; Problems that have so far overshadowed the valuable features of this technology and seemingly prevented its widespread use.
All Fido members contributed to this report, including computer chip makers such as Intel and Qualcomm. Other Fido members include major platform developers such as Amazon and Meta, financial institutions such as American Express and Bank of America, and operating system developers like Google, Microsoft, and Apple.
The published report is more than a technical guide; and it is a theoretical guide to solving the problems ahead of the union. After years of trying to integrate Fido 2 and WebAuthn standards into products such as Windows, Android, and iOS, the release of this report is a positive step towards removing barriers to the use of this technology.
” Andro Shikiar, the executive director of the Fido Union, says:
The key to Fido’s success lies in its high usability. We need to be as popular as user passwords. Passwords have become part of the web environment, and we are trying to find an alternative. Not using a password should be more convenient than using it.
But in practice, even the fastest and most flawless methods of not using a password are in the early stages of development. Part of the challenge this technology faces is getting users used to using passwords; this makes them reluctant to use new authentication methods.
Passwords are difficult to use and manage, and this is why some people resort to shortcuts such as using duplicate passwords, which causes security problems. But in the end, despite all these challenges, users use passwords extensively.
Experience has shown that informing consumers about password alternatives and making them feel comfortable with new changes is a long and challenging process.
In addition to the challenge of users’ adaptability to this technology, the Fido union faces another critical challenge: the difficulty of navigating the methods of not using passwords between different platforms and products.
Fido engineers believe that the root of the problem is replacing or adding an electronic device if you do not use the password method if the process of starting a new mobile phone is too complicated. There is no simple way to re-login to all accounts or applications or to prove, for example, that the social media account is owned by using the password again. Need, in which case many users will reward with the use of this technology.
Biometric scanners will play a key role in user authentication without passwords.
The non-password standard being developed by the Fedo Union relies on biometric scanners of devices such as fingerprint sensors or a user-selected masterpiece for user authentication.
This authentication is done locally without using the Internet, and no data is transferred from the devices used by the user for authentication to the servers. The Fedo Union believes that the main idea to solve the problem of the need to use new devices is to implement the Fido authentication management tool in the operating system.
This process is similar to the built-in password management program in operating systems. In this mechanism, one of the methods of storing cryptographic keys is used instead of storing passwords. These cryptographic keys, protected by biometric scanners or cell phone locks, can be synced and shared between different devices.
At Apple’s Global Developers Conference last summer, the company unveiled a similar Fido prototype called the Keychain as an iCloud feature. Apple has announced that keychains are a step towards a future without passwords.
Gareth Davidson, one of the engineers involved in Apple’s authentication program, said at the Apple Developers Conference in July of last year (July 1400):
Keys are like WebAuthn authentication and take advantage of the standard security features of this standard, along with the ability to back up and sync across all devices. We store keychain data in iCloud, and like all other data in iCloud, this data is encrypted completely, and even Apple can not read it. This data is accessible for the user to read. In most cases, a simple hint or click is required to access the authentication data.
For example, if you lost your old Apple phone and bought another, transferring data to a new phone will be no more complicated than Apple’s authentication methods for buyers of its products.
But if you have lost your iPhone and want to use an Android phone, authenticating accounts and apps may not be as easy. But the guide published by the Fido Union has another noteworthy point.
A new feature offered by Fido could allow a user’s device, such as a laptop, to act as a hardware token, something like standalone Bluetooth authentication dongles that will enable you to use Bluetooth physically. Please verify your identity.
Fido’s main idea in developing this feature is that Bluetooth is almost an anti-phishing technology due to its distance-based protocol, so Bluetooth can use in various ways to establish password waiver schemes without the need to store a backup password. کرد.
Bluetooth is almost an anti-phishing technology.
Christine Brand is one of Google’s product managers. His focus has been on authentication and digital security, and he has been involved in Fido Union projects for several years. The brand believes that key-based designs logically pursue a vision of a password-free future for smartphones or multi-device connectivity. He says:
The dream of going through the world of passwords has been in many for a long time. But [to make that dream come true], all users had to have a smartphone in their pocket, which is now almost a reality.
Fortunately, users only need to make a small behavioral change to use the security standards that will lead to the removal of passwords. Still, technologically, this will be a giant leap forward.
It is worth mentioning that Google joined this union only a few months after the formation of Fido in 2013.
The biggest priority of Fido is changing the pattern and security framework of user accounts, which will lead to the elimination of Internet scams through authentication or phishing.
Internet scammers use elaborate methods to trick users into providing unwanted personal information, including passwords, and even two-tier authentication codes are not safe from phishing attacks.
In addition to the criminal financial gain of the attackers, identity forgery and cyber fraud may also be part of spyware and sabotage cyber-attacks aimed at influencing geopolitics and global events.
Even if we accept that the Fido Formula Union has found the magic formula, there are still many reasons to believe that passwords will not disappear overnight. The most important reason is that not everyone uses smartphones; Therefore, if one device is stolen or lost, there will be no other backup device to prevent data disclosure. It also takes years for everyone to use widgets and operating systems that support Fido solutions to password waiver.
Technology companies, meanwhile, need to support two password-based login methods without the need for a password. The Fedo Union has recently stated its support for the transition process in recent white papers. Still, like all previous tech migrations (Windows XP), the migration route will be unavoidably tricky.
No standard will be error-free, and it will have its weaknesses
Although the Fido Union’s proposal to set security standards for the world of passwords is a giant leap forward to a more secure digital future, it should not forget that even future measures will not be error-free. The success of Fido will depend on the performance security of each implementation system.
You are probably familiar with the nightmare of forced trust in various authentication methods of applications, social networks, and other Internet services; However, you must remember that there is no complete and error-free alternative.
It will create A different and possibly better, more realistic environment e with its weaknesses and vulnerabilities if the Fido solution is implemented. As Fido acknowledges, the widespread use of authentication methods without the need for a password is part of an all-encompassing solution. It may not meet the stringent security requirements of the future.
Apart from all these issues, the technology industry must find a way to turn Fido’s white paper into practical features. An easy-to-use solution that encourages users to migrate through password-based security protocols.
” Matthew Green, a cryptologist at Johns Hopkins University, says:
As it turns out now, pass-through keys perform better and are more secure than passwords. But if the user interface for in-device transfer is poor on some devices, it will be weak on all devices, discouraging people.
After nearly a decade of trying, users who have hoped for a password-free world believe that the Fido Union and its projects have grown so large that it is unlikely to fail. When we ask Christine Brand if the password death bell has rung this time, she answers without a moment’s pause: