The three tech giants have worked with FIDO Alliance to create a system based on public key cryptography techniques
Imagine this: You unlock your phone or computer with a pin code, fingerprint or face ID just once, and subsequently never have to do it again for the duration of the session, even when accessing your email or any websites or apps that may traditionally require passwords.
It may sound too good to be true, but a (mostly) password-free world can become reality in as little as a year’s time, made possible through close collaboration between Apple, Google and Microsoft. On its part, Google claims that it’s an undertaking that has occupied the company for almost a decade.
The (literal) key to the magic lies in a system created by the FIDO Alliance and the World Wide Web Consortium. It uses public key cryptography techniques to create a key pair every time a user registers with an online service. The pair comprises a public key and a private key. The former is the one that gets registered with the online service, while the latter remains connected to the user’s device and is never revealed or allowed to leave the device.
In this manner, the private key – and hence the device connected to it – remains safe from phishing, hacking, and other security risks, while remaining a trustworthy proof of identity for the device’s user.
Here’s how it works: When the user signs up for an online service, they are first prompted to authenticate their identity using the pin, fingerprint, or face ID associated with their device’s private key. The device then creates a unique public-private key pair, sending only the public key to the online service. The public key is now associated with the user’s account and is unlocked every time the user identifies themselves to the private key, such as when they key in a pin to unlock their phone.
The system can be connected to the cloud, ensuring that new devices can be added to the same account or private key without hassle. Apple, Google and Microsoft have estimated that the system can be implemented across their products within a year.