Passwords are an essential component of online security. However, among the most popular credentials we still have weak examples like numerical sequences and other types of poor passwords. That said, Google is now sharing some of its vision for the future of the Android operating system, as well as its Google Chrome browser.
In both cases, US technology will have to implement a “passwordless” future that is more secure and practical. While this may seem out of place today, the company today shared some progress made in this direction. So, in the midst of World Password Day, we not only get some good online security practices, but also a glimpse of the future.
Why use passwords like abc123 and 123456?
People are constantly encouraged to adopt and reinforce safety habits. However, with so much advice, some contradictory, it’s hard to understand where to start or what to believe. Maybe that’s why people take the easy way out and choose to use common passwords like abc123 and 123456.
Thus, on World Password Day, Google took advantage of this event to announce that the main device platforms have committed to supporting FIDO authentication standards over the next year. That is, without a password.
Google plans to implement support for passwordless authentication in Android and Chrome. However, Apple and Microsoft also announced that they will support iOS, MacOS, Safari, Windows, and Edge.
That way, when the user logs into a website or app on the phone, all they have to do is unlock their phone, the account no longer needs a password.
How will a future without passwords work?
In practice, when the user signs in to a website or an application on his phone, he only has to unlock his phone; your account will no longer need a password.
Instead, your phone will store a FIDO credential, called a passkey. This is used to unlock your account online. The access key makes registration much more secure as it is based on public key cryptography and is only displayed in your online account when the user unlocks the phone.
Thus, to register on a website from your computer, the user only needs to have their phone nearby, since they will be asked to unlock it in order to access it. After doing this, the user will not need their phone again and can sign in simply by unlocking their computer.
Even if you lose your phone, your access keys will be securely synced to your new phone from cloud backup. Thus allowing the user to pick up right where their old device left off.