Android helps make passwords obsolete for a billion devices




It's more important than ever to manage your passwords online, but also harder than ever to keep up with. That is a bad combination. So the FIDO Alliance, a consortium that develops open source authentication standards, has pushed to extend its secure login protocols to make seamless logins possible. Now Android is on board, which means that one billion devices can say goodbye to passwords in more digital services than ever before.

On Monday, Google and the FIDO Alliance announced that Android had added certified support for the FIDO2 standard, which means that the vast majority of devices running Android 7 or later will now be able to handle password-free logins in mobile browsers such as Chrome. Android already offered secure FIDO login options for mobile applications, in which you authenticate using a phone's fingerprint scanner or a hardware dongle such as a YubiKey. But FIDO2 support will allow you to use these simple authentication steps for web services in a mobile browser, instead of painstakingly typing your password every time you want to log in. Web developers can now design their sites to interact with Android's FIDO2 management infrastructure.

"Google has been involved in FIDO for a long time now, especially because of phishing, which is one of the biggest authentication problems on the Web today," says Christiaan Brand, a product manager at Google who focuses on identity and security. "The natural evolution was oriented towards FIDO2. Customers are already used to using these sensors on the device to authenticate daily in applications. How can we make this technology available for websites?"

Developers can implement FIDO2 authentication in different variants to suit their product, but all versions provide additional phishing protection by requiring user participation when logging in (for example, a fingerprint scan or the presentation of a dongle). Usernames and passwords alone do not go that far.

FIDO2 and a related standard, WebAuthn, created by the FIDO Alliance and the World Wide Web Consortium, have become widespread through adoption by all major browsers except Safari (although Apple has hinted that it will add support), as well as by platforms such as Microsoft's. But Android represents a milestone, as it will allow a major subset of mobile developers to begin offering universal login without a password. Google's Brand says that as part of FIDO2, developers will even be able to streamline their mobile browser and local application login infrastructure, so that a user can set up a password-free login on the Web and have that same easy authentication step carry over to the service's application, or vice versa.

"We are now at the stage of implementation in browsers, but we now see FIDO technology sedimented in an even larger number of users," said Andrew Shikiar, director of marketing for the FIDO Alliance.

Since Android is open source and can be deployed in different ways by device manufacturers, the platform has trouble keeping the worldwide population of devices up to date with the latest operating system features. But Brand says that Google is publishing the FIDO2 update via a mechanism called Google Play Services, which will allow it to reach almost all devices running Android 7 or later without manufacturers having to do or adapt anything. This means that the update will actually reach most of Android's massive user base.

While FIDO2 support allows Android to accept secure Web logins using dongles, NFC, and Bluetooth, Google sees fingerprint authentication as the simplest method and the one most likely to gain popularity among users. And both Google and the FIDO Alliance point out that in all of this, your fingerprint data is always stored locally on your device and is not sent anywhere else or owned by another party. The sensor creates a cryptographic signature from your fingerprint data, which is then used in the FIDO2 authentication scheme.

"Providing the FIDO2 option provides very strong protection for the identity of account holders," said Kenn White, director of the Open Crypto Audit Project. "You and I could be deceived by 'paypa1.com', but a FIDO key will not be. Among the security community, WebAuthn, which FIDO2 crosses with, is considered one of the most important account protections, stronger than ever."
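
The look-alike-domain protection White describes rests on checks the website's server runs on every FIDO2/WebAuthn login response. An added example, not from the original article: the domain names, challenge and response bytes are constructed, and verifying the authenticator's signature over these fields is left out to keep it short.

```python
import base64
import hashlib
import hmac
import json

# Constructed names: the genuine site and its WebAuthn relying-party ID.
EXPECTED_ORIGIN = "https://paypal.example"
RP_ID = "paypal.example"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what the browser and authenticator return."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": page_origin,  # filled in by the browser, not by the page
    }).encode()
    # authenticatorData = rpIdHash (32 bytes) || flags (1) || signCount (4)
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    return client_data, rp_hash + b"\x05" + (7).to_bytes(4, "big")

def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Return 'ok', or the reason the relying party rejects the login."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if not hmac.compare_digest(str(cd.get("challenge", "")), b64url(challenge)):
        return "challenge mismatch"  # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"     # response was produced on another site
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if len(auth_data) < 37 or not hmac.compare_digest(auth_data[:32], expected_hash):
        return "rpIdHash mismatch"   # credential is scoped to another RP ID
    if not auth_data[32] & 0x01:
        return "user not present"    # no touch or fingerprint scan happened
    return "ok"

def demo():
    ch = b"\x11" * 32  # constructed challenge issued by the genuine site
    genuine = check_assertion(*browser_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch)
    # Same challenge relayed through a look-alike page: the browser records
    # the look-alike origin, so the genuine server refuses the response.
    lookalike = check_assertion(
        *browser_assertion("https://paypa1.example", "paypa1.example", ch), ch)
    return genuine, lookalike

if __name__ == "__main__":
    print(demo())
```
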

Although FIDO2 promises users a much simpler Web security experience, it will take time to achieve adoption that is almost as universal as traditional password systems. And digital identity experts warn that any unique identifier, no matter how robust, is always more secure when paired with a second strategic authentication factor. Unfortunately, even in a glorious utopia without passwords, there is never a silver bullet for account security.

