The first Thursday of May is apparently “World Password Day,” and to celebrate Apple, Google, and Microsoft are launching a “joint effort” to kill the password. The major OS vendors want to “expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.”
The standard is being called either a “multi-device FIDO credential” or just a “passkey.” Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way. This sounds like a familiar system for anyone with phone-based two-factor authentication set up, but this is a replacement for the password rather than an additional factor.
A graphic has been provided for the user interaction:
Read 4 remaining paragraphs | Comments