The world without passwords: the new forms of authentication to avoid so many numbers and letters

Little by little, the technology giants are betting on a world without passwords, where other authentication strategies considered more secure are implemented. Such is the case of Microsoft, which in September of last year announced that all users with a Microsoft account could delete their passwords if they so wished.

This is possible thanks to the use of Microsoft Authenticator, Windows Hello, a security key or verification code sent to your phone or email to sign in to your favorite apps and services.

Now Google is also preparing to go in that direction, since it proposes a system based on access codes. This is a new proposal that links a private key with the user’s personal account and allows it to be synchronized between devices for use on the web.

The FIDO (Fast Identity Online) Alliance, to which some of the most important technology companies are subscribed and whose objective is to create new secure standards for the management of digital services, has proposed a new security approach that leaves both password and two-factor authentication behind.

These are multi-device credentials, designed to resist the phishing that has grown so much in recent times.

In this case, the proposal stores cryptographic information, a private key, on the device (mobile, computer or tablet). When the user tries to access a website, the device uses that key to generate a signature, and a server then verifies that the signature was indeed created with said private key.
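The sign-and-verify flow described above, as an added example (not code from the article, the FIDO Alliance or any vendor): a simplified Node.js challenge/response in which the server stores only the public key and the signed data includes the site origin, so a signature produced for a look-alike site is rejected. It is a sketch of the idea, not the full WebAuthn message format; the function names and the `.test` origins are constructed for illustration.

```javascript
// Added illustration: simplified passkey-style login (not the real WebAuthn wire format).
const crypto = require('node:crypto');

// Registration: the device creates a key pair; only the public key is sent to the server.
function createCredential() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: sign the server's challenge together with the origin the browser reports.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: check the challenge, the origin, then the signature with the stored public key.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  let parsed;
  try { parsed = JSON.parse(assertion.clientData); } catch { return 'malformed'; }
  const got = Buffer.from(String(parsed.challenge), 'base64url');
  if (got.length !== expectedChallenge.length ||
      !crypto.timingSafeEqual(got, expectedChallenge)) return 'stale-or-replayed-challenge';
  if (parsed.origin !== expectedOrigin) return 'wrong-origin';
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData),
                           publicKey, assertion.signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed scenario: one real site, one look-alike origin, one unrelated key.
function demo() {
  const site = 'https://shop.example.test';
  const { publicKey, privateKey } = createCredential();
  const challenge = crypto.randomBytes(32); // fresh per login attempt
  const genuine = signAssertion(privateKey, challenge, site);
  const lookalike = signAssertion(privateKey, challenge, 'https://shop-example.test');
  const forged = signAssertion(createCredential().privateKey, challenge, site);
  return {
    genuine: verifyAssertion(publicKey, challenge, site, genuine),
    lookalike: verifyAssertion(publicKey, challenge, site, lookalike),
    replayed: verifyAssertion(publicKey, crypto.randomBytes(32), site, genuine),
    forged: verifyAssertion(publicKey, challenge, site, forged),
  };
}

console.log(demo());
```

Unlike a password, nothing the server stores or the user sends can be replayed later: the private key never leaves the device, and each signature is tied to one challenge and one origin.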

In the case of Android, the access keys are saved in the Google account, which allows this information to be synchronized between devices, useful if, for example, you change to a new mobile phone.

The user will still need to log into their account with the password, but will be able to bypass passwords in web services.

In practice, this process works similarly to a password manager, and is commercially known as a passkey, as the alliance mentions in its March 2022 report on how FIDO addresses a full range of use cases.

“Much like password managers with passwords, the underlying operating system platform will sync the cryptographic keys belonging to a FIDO credential from one device to another. This means that the security and availability of a user’s synchronized credential depends on the security of the underlying operating system platform authentication mechanism (Google, Apple, Microsoft, etc.) for their online accounts, and the security method for restoring access when all (old) devices are lost,” one of the FIDO documents reads.

Last year Apple announced a new authentication feature, called Passkeys, that would allow users to use FaceID or TouchID to log in to websites that support this system. In this way, they would not need to resort to a password since they will use a biometric system.

The announcement was made in June of last year, at the developer session titled “Move beyond passwords”, offered by Apple as part of its annual event for developers (WWDC 21).

As explained by the company, it is also based on the protocol promoted by the FIDO Alliance, which Apple joined in February 2020 to improve online authentication.

Passkeys avoids having to remember a password when logging into a website, as long as the page in question offers support for this technology.

The username is paired with FaceID facial recognition or a TouchID fingerprint instead of a password.

Support has already been included in iOS, in the second beta of version 15.5. For its part, Google is working to include this new initiative, as 9to5Google identified by checking a few lines of code from the latest version of Google Play Services (version 22.15.14).
