Google paves the way for a world without passwords but based on ‘access keys’a new proposal that links a private key with the user’s personal account and allows it to be synchronized between devices for use on the web.
The FIDO Alliance (Fast Identity Online), to which some of the most important technology companies are subscribed and whose objective is to create new secure standards for the management of digital services, has proposed a new security approach which leaves both password and two-factor authentication behind.
Is about multi-device credentials, capable of circumventing the ‘phishing’ that lurks in the other two security barriers. In this case, it is a proposal that saves on the device (mobile, computer or tablet) cryptographic information, a private key that generates a signature which subsequently checks a server that has indeed been created with said private key when trying to access a website.
In practice, this process works similar to a password managerand is commercially known as ‘access key’, as stated by the alliance itself in its March 2022 report on ‘How FIDO addresses a full range of use cases’.
Its support has already been included in iOS, in the second beta of version 15.5, and now Google is working to include it, as they have discovered in 9to5Google, in lines of code of the latest version of the Google Play Services (version 22.15. 14).
In the case of Android, the access keys are saved in the Google accountwhich allows this information sync across devices, useful if, for example, you change to a new mobile phone. The user will still need to log into their account with the password, but it will bypass it in web services.