From stationery boxes to passbooks and bank cards, passwords go hand in hand with modern life. In the digital age, all online and offline life services are bound with account and password. Once the account password goes wrong, forgotten or stolen, our daily life will be difficult.
Over the past decade, smart phones have popularized biometric technology for the majority of digital citizens, and also brought a way to eliminate the troubles of passwords in their whole life. With a recent joint announcement by Microsoft, apple and Google, it seems that we are really getting closer to "secret free life".
The big three work together to eliminate the trouble of password
On May 5, apple, Google and Microsoft announced that they would expand their support for the general password free login standard created by Fido alliance and World Wide Web Alliance (W3C), provide unified, safe and convenient password free login methods for major websites and apps, and support various devices and platforms.
The three platforms work together, which can basically radiate all over the whole field of consumer digital In the near future, whether we use smart phones, tablets or PCs, we can enjoy the convenient and fast experience like fingerprint payment and face recognition payment on all major platforms, and forget the troubles caused by passwords.
Besides convenience, password free authentication has high requirements for reliability and data security. Here we will talk about the Fido alliance to destroy the password
Founded in July 2012, Fido alliance is committed to solving the problem of interaction of compulsory authentication devices and users facing a large number of complex user names and passwords. Its members include technology giants such as apple, Google, Microsoft, blackberry, paypal and Lenovo. The non password standard implemented by Fido relies on the biometric scanner or master pin code of the device to authenticate users locally without transmitting data to the network server.
In the newly announced plan, Fido has introduced two important new functions:
- Allow users to automatically access Fido login certificates (or "keys") on multiple devices, including new devices, without having to re register each account;
- Allow users to use Fido authentication on mobile devices to log in to apps or websites through nearby devices, no matter which OS platform or browser these devices are running.
The first one aims at the contradiction of "chicken or egg first" in the verification process, which widely exists in the two-step verification mode. Users need to register in advance on a device before further use. The second item provides better universality, aiming at the problem of non interoperability of authentication methods between different network platforms and apps.
Apple, Google and Microsoft platforms expect these new features to be implemented in the coming year. As for when the specific secret free scheme can be implemented, the alliance has no specific timeline.
Crime of password
When the network service is still very single, we need to use few passwords. It is a low threshold and easy to popularize form of authentication. After the continuous enrichment of network services, we need to use more passwords, and all kinds of troubles of passwords come one after another. More passwords are easy to forget. In order to avoid forgetting, people tend to use simple passwords or reuse passwords, which eventually leads to a series of security problems.
Research by the security agency splashdata shows that "123456" has dominated the list of the most commonly used passwords since 2013. 123456789, "password" and "QWERTY" are the nail households in the top 5 of the list. These weak passwords are usually broken in less than one second, but they are still widely used, and their security risks are immeasurable.
Fernando CORBAT ó, inventor of digital password and winner of Turing prize, once admitted that password is like a nightmare of contemporary people. No one can remember all passwords, either in a small notebook or in software management. Both mean great trouble.
Kobator led the establishment of the first time-sharing operating system CTSS (compatible time-sharing system) in 1961, and used passwords as system protection on computers for the first time. The first computer password leak in history also happened on this system. Because of a software bug, the system confused the welcome information with the master password. As a result, all those who log in to the system can see the password list of CTSS.
In the following decades, in order to improve the security of passwords, people have continuously improved the storage methods of passwords. However, these methods have not fundamentally changed the way people remember passwords, and the lifeblood of passwords has never been eliminated.
The road to the "no password era"
Since we want to abandon the password, what specific way should we take over the work of the password?
At this stage, we mainly have two ways: one is fingerprint, face and other biological information, and the other is two-step verification and auxiliary device verification, such as dual verification of Apple ID The mobile phone scanning code and SMS verification code, which are widely used in China, are also a low-cost secret free login implementation form.
Microsoft has taken early steps on the road of clearing passwords. Follow windows 10 released in 2015, Microsoft launched windows Hello security system based on biometric technology, which can replace traditional passwords through fingerprint, iris scanning or face recognition. Since then, Microsoft has also released the Microsoft authenticator mobile application, which turns the mobile phone into a login verification tool.
On September 15, 2021, Microsoft announced the opening of the password free era. If users use Microsoft authenticator, windows hello and other methods, they can completely delete the password in their Microsoft account.
Apple also took a key step on last year's WWDC 2021 and announced a new password authentication function. Users can use face ID and touch ID based account authentication to replace passwords. Its initial support has arrived in IOS 15.4 and is expected in the upcoming WWDC 2022 and iPhone On the 14 series, we can see more specific function implementation.
It is true that people cannot easily switch to the "password free era". This simple and pragmatic verification method is still rooted in the hearts of many people like Windows XP. However, we believe that with the gradual improvement and popularization of secret free norms and mechanisms, such an era will eventually come.