Over the next year, all major mobile platforms have pledged to bolster support for FIDO’s passwordless login standards, and Google plans to roll it out to Android and Chrome, making it easier to log in between devices, websites and applications, regardless of platform and without the need to enter a password.
How will the future work without passwords?
When the user logs into a website or app on their phone, they can only do so by unlocking it. Neither account will need a login password. Instead, the phone will store a FIDO ID called a passkey, which is used to unlock any online account. The authentication key makes the connection more secure because it is based on public key cryptography and is only displayed in the account when the phone is unlocked. To log into a website from a computer, all you need to do is have a phone nearby and unlock it to access it. What happens if the mobile phone is lost? Passkeys will be securely synced to the new device from cloud backup.
“The expanded FIDO support we’re announcing today will enable websites to implement key access experiences. When this support becomes available across the industry in 2022 and 2023, we’ll have Internet for a free passwords,” said Sampath Srinivas, Director of Product Management, Secure Authentication at Google. He added, “In the meantime, passwords will continue to be a part of our lives, and at Google, we will remain committed to making conventional connections safer and easier through our existing products and continued innovation.”
Tips for digital cleaning
Google offers some recommendations for users to stay safe online with tools that give them control and choice over their privacy. As a first step, the company suggests performing a quick security check and protecting Google accounts immediately. Some other recommendations are:
- Password Manager: automatically protects user passwords. In the administrator it is available on password verification, a feature that, with a single click, indicates if one of the passwords is weak, if it has been used on several sites or if you discover that it has been exposed (for example, by a third-party leak ). More information on password verification here.
- password review (Security controle): is a feature built into the Password Manager that checks the strength and security of all saved passwords, indicates if they have been compromised, and provides personalized and helpful recommendations when needed. Helps keep your Google Account secure by proactively detecting and responding to security threats. For example, it automatically resets the Google account password if it thinks it has been exposed during a data breach. More info here.
- Security Copy: At any time, users can access “Download your data” and make a copy of all their information on Google. They can even make a copy of your data and, if they prefer, leave Google and use your data with another service.
- Add trusted computers or cell phones: If the user does not want to enter a two-step verification code or use the security key Whenever you sign in to your Google Account, you can trust your computer or mobile device. You don’t have to enter a verification code every time you want to access a trusted computer or device.
- Recover account if phone was lost/stolen: if this situation occurs, the user will have to log out of their account on the device they no longer use. To recover the account, you will need to follow these steps: 1) Log in to Google account, 2) tap “I don’t have my phone” Yes 3) choose one of the available options and perform the steps that appear on the screen. If none appear, it is recommended that you try to access from a frequently used computer. More information in this link.
- How to access an account if a code is requested by SMS and you don’t have a phone: It is always important to have a verification method and that it is updated, but if you do not have it, it is recommended to enter the account recovery form. This makes recovery much easier by accessing it from a computer and location that you usually log into that account with.