After the gradual supplanting of writing the password in favor of registration with login via accounts such as Google, the company is now ready to take the next step: end passwords forever. Through unlocking the phone, we can authenticate to a website or application using the mobile itself.
Our Google account stores a large number of passwords in the private area. Thanks to this, connecting to websites using Chrome is extremely simple, as well as authenticating in the applications installed on our Android. Even though Google wants to go further by avoiding the use of any password. Because, if we access the phone securely, we can prove our identity to any service with it.
Mobile is the key to prove your identity
The phone accompanies us wherever we go, we have access to our entertainment, our professional information and even includes a door to our finances. With so much private data, cellphone manufacturers were promoting biometrics as a way to ensure identity with the least effort on the part of the user. And that’s precisely what drives the next step in access security: eliminating cumbersome passwords.
As confirmed by Google, the company will provide the ability to do without passwords on websites and apps. All this thanks to the telephone: since it is unlocked in complete safety, said unlocking will constitute a sufficient guarantee of identity. Both on mobile and other devices: if you access a website protected by a password, Android can prevent its use by taking advantage of the unlocking of the phone.
Google is a member of the FIDO Alliance, a “consortium of open-standards technology companies whose mission is to solve problems related to passwords and phishing“. This alliance is now ready to do without passwords thanks to the security key that the phone has become. Write a different password for each site, for application logins, for the bank…? It could be a thing of the past.
The mobile will be the security key that will prevent the creation of passwords since it will suffice to unlock it to exercise its authentication function. A FIDO ID called “passkey” will be stored in the registry: This will be the password replacement. The password will be used automatically when the user wants to access the application, website or service in which he registered again and without doing anything else; as long as you have access to the phone and can unlock it with your credentials.
FIDO Access Keys will be synced with Google Account so that they remain accessible to the user even if the original phone is lost: Android will resynchronize the identifiers on the new mobile with the backup.
Google is planning a transition period during which we will stop using passwords to use mobile as the only security key
Google will begin the process of transitioning away from using current passwords in favor of Fido passkeys. It will help developers implement this new credential system in their products. And it will not only be necessary to install Android: as a member of FIFO, Apple will implement the processes also in iOS; just like Microsoft with their respective products.
