FIDO Alliance

Many times, users share passwords between all accounts on the internet. For experts, this practice is one of the most dangerous actions that the user can perform on the Internet. Sharing passwords is nothing more than a help for hackers to access our data with just a few keys. For this it was created FIDO Alliance, an alliance of large companies that defend improved authentication of services, enhancing biometric services by creating unique keys eliminating individual Internet passwords. Apple, Google and Microsoft are in the alliance and are committed to expanding standards for all of their services.

Apple, Google and Microsoft extend FIDO Alliance standards

The FIDO Alliance is responsible for creating alternative quality standards to traditional passwords. Let’s take an example to see how these standards work for regular use of Internet services. When a user registers for a service, the system generates a pair of cryptographic keys. On the one hand, the private key is stored in the hardware of our device while the public key is stored in the online service to which we subscribe. When we decide to connect to the service, we must demonstrate that the device from which we are accessing has the private key that corresponds to the public key of the service. We do this through hardware unlocking through a biometric system (fingerprint, face, voice, etc.) or by entering a PIN code.

In fact, Apple already does this on its devices when it shuts down download something from the App Store or buy something from Apple Pay we only have to unlock the iPhone with our face. The iPhone detects that it is us because it correlates us with the face and displays the “private keys” to access the common service.

Related article:

Protect your passwords with Microsoft Authenticator’s new “autofill”

Apple could take advantage of WWDC22 to announce news

However, the FIDO Alliance intends to put all these standards on the Internet. With the aim of leave out long and identical passwords between services. So they said Apple, Google and Microsoft in the new press release announced by the alliance where major companies commit to extending their standards for their services. The words of Apple’s Director of Product and Platform Marketing put it this way:

Working with the industry to establish new, more secure login methods that provide better protection and eliminate password vulnerabilities is at the heart of our commitment to creating products that provide maximum security and a seamless user experience, all with the protection of users’ personal information.

It is likely that Apple will rely on WWDC22 to announce news about these password storage and security systems. The goal is to try to make users able to get rid of passwords and change access to biometric sensors that store private keys to access services.