A few of the world's largest tech giants have thrown their hats into the ring, betting big on a common passwordless sign-in standard that can end the user-facing password process in a bid to make it “easier” to sign in with extra security.
In a press release on Thursday, May 5, Apple, Google and Microsoft announced plans to move to passwordless sign-ins with the support of the FIDO Alliance and the World Wide Web Consortium. This will allow for accessing websites and apps across their devices and platforms.
This will help reduce the number of attacks by opportunist hackers using breached database leaks, brute-force attacks or passwords bought on the dark web. These types of attacks have given rise to two-factor authentication and password managers in recent years.
Representatives from each company cited many of the common password issues we all run into, such as needing to remember so many, reusing an old one, or even using the same one on multiple services, so that as soon as one is breached your account is vulnerable on all.
The FIDO standard takes care of creating unique passkeys, leaving you with simply the task of logging in with a PIN, security key, or biometric identification.
According to FIDO, the login procedure uses public key cryptography, which generates a paired public and private key for the local device and the user’s account. While the public key can be shared across services or devices, the private key and information about local authentication, such as fingerprint data, will never leave the device.
While many people can’t wait to get their devices set up with passwordless login methods, a large number of Internet users are worried about online anonymity and losing their privacy on social media, or fear not having their mobile device with them to complete the authentication process when signing in somewhere else.
Privacy experts welcome the idea of trying to make user account authentication more secure, but it must be “implemented in a safe, secure, and privacy protective manner.”
A spokesperson for the BC Privacy Commissioner's Office says that, to them, the FIDO standard appears to be in the “conceptual stage” and that they would expect the tech giants to consult with regulators before fully implementing the technology.
“This proposal appears to be very much in the conceptual stage, and we would expect that there would be consultations with regulators before advancing further in any concrete way,” a BC Privacy Commissioner's Office spokesperson told BC Rise.
The BC Privacy Commissioner's Office has seen many different proposals for online identity authentication, including made-in-Canada solutions; however, the goal must be one that is “implemented in a safe, secure, and privacy protective manner.”
“Any attempt to make identity authentication more secure and privacy protective is something that could be very positive – however the devil, in these situations, is in the details and at this point those details are not sufficient to be able to comment more specifically on this concept.”