Google and Microsoft Push Websites to Go Password-Less

科技动态 2018-04-23 阅读原文

Say goodbye to passwords. The biggest websites in the world could replace them with fingerprint scans and facial recognition powered by Google and Microsoft.

On Friday, the two companies previewed their efforts to help internet platforms go password-less through Android smartphones and Windows PCs during the RSA security conference in San Francisco.

Want to make a purchase online? Google demoed
how the fingerprint sensor on your Android phone could revamp PayPal's login process. No need to enter a password to approve that purchase. Simply scan your fingerprint, and voila: PayPal will let you into your account.

You can also do the same on a PC, but by scanning your face. Microsoft demoed how its Windows Hello
feature can use a computer's webcam to read your facial features, and then grant access to your PayPal account.

Fingerprint scanning and facial recognition tech are nothing new, but getting your favorite websites to use them is. Google and Microsoft are both members of the Fast Identity Online (FIDO) Alliance, which has been pushing the tech industry to drop passwords in favor for simpler, securer ways to grant login access.

"We all know that passwords are a problem," said Brett McDowell, the FIDO Alliance's executive director. He pointed to statistics
, showing that 81 percent of all data breaches in 2016 involved weak or stolen passwords falling into the hands of hackers.

"We also have a usability problem with passwords. They're clumsy, hard to remember," he added. So to solve the problem, his alliance has developed FIDO 2.0
, a new standard for login systems. It does away with passwords for devices like smartphones and PCs, which can usebiometrics to unlock your online account.

How does this all work? The device scans your fingerprint or face to verify your identity. It then generates a unique private key that can unlock the internet account you want to access. One big advantage this has over passwords systems is that the website never learns or stores your private key. The website simply issues a digital "challenge" that your private key can sign, which will then unlock access to the account.

Related

Both Microsoft and Google have been pushing for FIDO 2.0's adoption. They're preparing to build the authentication technologies
into their own internet browsers. On Monday, Microsoft said
the next Windows 10 release would also support the standard too.

To get websites to adopt FIDO 2.0, software developer and FIDO Alliance member Nok Nok Labs is offering
to help companies migrate their platforms over to the password-less login systems.

The technologies demoed on Friday were still in the pre-production stages, but McDowell said it's possible that 2019 "will be a big year" for FIDO 2.0's adoption across actual websites.

Hacker News

责编内容by:Hacker News阅读原文】。感谢您的支持!

您可能感兴趣的

淘宝联手微软进军MR购物!“淘宝买啊”将改变数亿消费者买买买姿势... 扔掉手机电脑,听商品说话,动手指“隔空取物”,就可以完成一笔淘宝订单?这样场景不再是科幻片专属。最近,淘宝宣布进军MR(Mixed Reality,混合现实)购物,引发巨大热议。淘宝买啊是未来主流购物模式?淘宝在布局5年-10年后的技术?...
EU Considers Another Massive Fine for Google Over ... The European Union and Google aren't the best of friends right now. Late last month, the European Commission issue...
Android 大神 Jake Wharton 宣布入职 Google 上个月我们报道了 Android 大神 Jake Wharton 宣布从 Square 离职 的消息,当时 Jake Wharton 尚未透露他的下一步动向,不过有网友猜测去 Google 的可能性比较大,原因是Google 近年来时常有...
FAMGA Are Patenting Data Security Innovations Facebook, Amazon, Microsoft, Google, and Apple (FAMGA) are doubling down on data security. These companies track our b...