Apple, Microsoft and Google making another attempt to kill the password
Mykl writes:
A consortium of companies, including the big hitters Google, Apple and Microsoft, are making another attempt to kill off the password. This time it's through a system known as Passkeys.
Passkeys work almost identically to the FIDO authenticators that allow us to use our phones, laptops, computers, and Yubico or Feitian security keys for multi-factor authentication. Just like the FIDO authenticators stored on these MFA devices, passkeys are invisible and integrate with Face ID, Windows Hello, or other biometric readers offered by device makers. There's no way to retrieve the cryptographic secrets stored in the authenticators short of physically dismantling the device or subjecting it to a jailbreak or rooting attack.
Ars Review Editor Ron Amadeo summed things up well last week when he wrote: "Passkeys just trade WebAuthn cryptographic keys with the website directly. There's no need for a human to tell a password manager to generate, store, and recall a secret - that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced."
Given the nature of having the OS manage your credentials with other sites (without ever actually sending your biometric data, PIN or similar data), it becomes possible to share the same credentials across all logged-in devices (think iPhone, iPad, Mac, all serviced by iCloud). Phishing sites would no longer be able to steal and re-use credentials.
It certainly sounds promising, though obviously a great deal of trust is given to the OS. What are other Soylentils' thoughts?
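As an added illustration (not part of the original submission or the Ars article), this Node.js example shows the server-side checks on a WebAuthn assertion that make a relayed, spliced or replayed passkey login fail. The authenticator is simulated, and the function names `authenticatorAssert` and `verifyAssertion`, the `example.com` and `example-login.test` origins, the key pair and the challenges are all constructed for the example.

```javascript
// Added illustration; keys, origins and challenges below are constructed.
const crypto = require('crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Simulated browser + authenticator. The browser, not the page, writes `origin`
// into clientDataJSON; the authenticator signs authData || SHA-256(clientDataJSON).
function authenticatorAssert(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying-party checks; returns 'ok' or the name of the first check that failed.
function verifyAssertion(a, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad challenge';
  if (client.origin !== expected.origin) return 'bad origin';
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad rpIdHash';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, a.signature)
    ? 'ok' : 'bad signature';
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const site = { rpId: 'example.com', origin: 'https://example.com', publicKey };
  const expected = { ...site, challenge: crypto.randomBytes(32) };
  const genuine = authenticatorAssert(privateKey, site.rpId, site.origin, expected.challenge);
  // Worst case for the defender: a lookalike site relays the real challenge and
  // somehow obtains a signature from the same key (browsers scope credentials
  // to the rpId, so normally it would get none).
  const relayed = authenticatorAssert(privateKey, 'example-login.test',
    'https://example-login.test', expected.challenge);
  const spliced = { ...genuine, signature: relayed.signature };
  return {
    genuine: verifyAssertion(genuine, expected),
    relayed: verifyAssertion(relayed, expected),
    spliced: verifyAssertion(spliced, expected),
    replayed: verifyAssertion(genuine, { ...site, challenge: crypto.randomBytes(32) }),
  };
}
console.log(demo());
```

Only the assertion produced for the real origin and the current challenge verifies; the relayed one fails the origin check, the spliced one fails the signature check, and the replayed one fails the challenge check.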