The world celebrates this Friday, like every May 6, the international day of the change of password. What if this is the last year that we celebrate this cybersecurity day? The end of the password as we know it is almost done, a new system will very quickly come to replace it..
The end of the password?
Managing identifiers has become a real headache for most Internet users. A password for his personal mailbox, a password for his Instagram account, another for Twitter, Social Security, his bank account etc… With the dematerialization more possible to take a step on the net without needing to connect .
Unless you use a password manager, it's nearly impossible to remember them all. This is why many Internet users continue to use weak passwords such as 123456 or azerty..
Such a practice is not without risk for your accounts. The hacker can easily find your password. Once your identifier is discovered, he can block your accounts and demand a ransom or worse impersonate you. Identity theft is a scourge that affects many French people.
If you follow a bit of news on the internet, you know that data leaks (hacking or security breaches) on the internet are numerous. It is essential, not to say mandatory, to adopt a strong password for your accounts. Below is a method to create a secure password..
Secure internet without password
Aware of this problem, the big Tech companies like Microsoft, Apple or Google (within the Fido alliance, Fast IDentity Online) have been working for several years on a new authentication system. Clearly, this device will allow any Internet user to connect without having to enter a whole series of letters, numbers and special characters.
But then how does this new passwordless authentication system work? Technically this device is based on your smartphone. When you want to connect to one of your web accounts, when you authenticate you will receive a message on your phone.
To validate the connection, all you have to do is unlock your phone using the previously configured system (PIN code, password, fingerprint or facial recognition). And that's all.
The so-called private key (passkey) is generated automatically during the first connection to the website and then stored in your smartphone. A public key associated with your account will be kept on the site's servers. When you authenticate yourself, the system will synchronize its two keys in order to allow you to access the application.
The Fido authentication system is accessible on a large number of operating systems and web browsers. Another important advantage is that no sensitive data (password, biometric data) leaves the user's smartphone.
This Fido authentication system is a significant step forward in terms of security. It greatly facilitates the connection to a web service while offering a much higher level of security than a password. Let's hope that this system arrives very soon on all smartphones and web platforms.