On many occasions, users share passwords between all accounts all over the Internet. For experts, this practice is one of the most dangerous actions that the user can carry out on the Internet. The fact of sharing passwords is nothing more than an aid so that hackers can access our data with just a couple of keys. For this it was created FIDOAlliance, an alliance of large companies that defend an improvement in the authentication of services, enhancing biometric services by creating unique keys eliminating individual Internet passwords. Apple, Google and Microsoft are in the alliance and have committed to expanding the standards for all of their services.
Apple, Google, and Microsoft Expand FIDO Alliance Standards
The FIDO Alliance is responsible for create quality standards alternatives to the usual passwords. Let's take an example to see how these standards work for the regular use of Internet services. When a user signs up for a service, the system generates a pair of cryptographic keys. On the one hand, the private key is stored in the hardware of our device while the public key is stored in the online service to which we are registering. When we decide to log in to the service, we must demonstrate that the device from which we access has the private key that correlates with the public key of the service. We do this through hardware unlocking through a biometric system (fingerprint, face, voice, etc.) or by entering a PIN.
Actually, Apple already does it on its devices when it stops download something from the App Store or buy something from Apple Pay we only have to unlock the iPhone with our face. The iPhone detects that it is us because it correlates us with the face and displays the 'private keys' to access the common service.
Apple could take advantage of WWDC22 to announce news
However, the FIDO Alliance intends to bring all of these standards across the Internet. With the objective of leave aside long and identical passwords between services. So they have stated Apple, Google and Microsoft in the new press release announced by the alliance where large companies commit to expanding their standards for their services. The words of the director of Marketing of Products and Platforms of Apple thus express it:
Working with the industry to establish new, more secure login methods that offer better protection and eliminate password vulnerabilities is central to our commitment to building products that offer maximum security and a transparent user experience, all with the To keep users' personal information secure.
It is likely that Apple will rely on WWDC22 to announce news about these password storage and security systems. The goal is to try to make users capable of getting rid of passwords and changing access to biometric sensors that store private keys for access to services.