Instead of remembering hundreds of passwords and waiting for them to leak, all the major companies have announced support for a standard that allows you to turn your smartphone into your identification tool.
Instead of passwords, Passkey you do not even know
Many security researchers will explain to you that written passwords are just Something You Know. That is, information that only you are supposed to know, but in practice, it can be guessed. On the other hand, Something You Have is already something that is used to prove access, like your email that you receive a code for or your smartphone that can be used to prove that you really own it. Strictly, also use Something You Are, which is a physical identifier that is unique only to you like a fingerprint or facial structure. The combination of all three is considered the ultimate way to keep your multiple accounts secure. This is where FIDO comes into the picture.
Apple, Google, and Microsoft have simultaneously announced a collaboration with the FIDO initiative, which basically allows us to make smartphones our main identification tool so we can connect to accounts, websites, and platforms the same way we access your smartphone. That is, simply identify in front of our device with a fingerprint, face scan (or even with the code or pattern we set) – and it, in turn, produces an encrypted Passkey, which is basically a cryptographic token, which is transferred to the site we are trying to access, and allows us to enter it without a password. In practice, as soon as we enter a support site, instead of identifying with a laptop and entering a username and password, just drop us a message on the smartphone and ask us to put our finger on the fingerprint reader, or alternatively draw the opening pattern or look at the face of recognition device.
Thus, even if hackers try to log into your accounts, and have the email and password, they still need physical access to your devices and perhaps your biometric details as well – making phishing attacks much less dangerous. On the other hand, you also gain a much more uniform and simple user experience, when you suddenly do not have to memorize and remember your hundreds of passwords that have long since leaked to the net, but simply log into your accounts as easily as you turn on your smartphone.
We will go into action as early as next year
The FIDO device is not new, and if you are an Android user, you may have already turned your smartphone into a security key for your accounts back in 2019. The good news here is that all companies will support the standard, which will allow you to access all your primary accounts in the same way and use all the most popular browsers, smartphones, tablets, and laptops in the world – which means you can remove your passwords full of accounts and sites. In case you started to worry about losing access in case your smartphone is damaged or stolen, at least according to Google, your unique Passkeys are synced to secure backup in the cloud so you can transfer them to a new device without any problem.
All the companies have announced that they will implement FIDO in all their systems next year, so in the meantime, you will have to continue to defend against hacks by more familiar means like Two-Step Verification and Authenticator applications of various kinds.