We use passwords constantly to log in to social networks, use devices, make payments… We can say that they are the main security barrier that prevents intruders from having access to our information. However, the way we use them has changed. In fact, Google wants to implement passwordless logins on android and also in the Chrome browser. Is this a good idea? Can they really put an end to passwords?
Google wants to end passwords
It’s something we’ve been looking at for a while. More and more services are using alternative methods to passwords to login. A clear example is the applications that allow us to enter simply by putting the fingerprint on the screen.
What Google searches for with this is simplify logins in apps and devices. They want to allow web pages and programs to offer the possibility to log in without having to put a password, something that they indicate will help improve security and also make everything easier.
But how is this going to work? Google, along with Microsoft and Apple, have been planning and working on a common standard for some time so that the device can store a FIDO-named credential, which acts as the access key. Basically, once you unlock the phone, you can log in quickly and safely.
It’s based on public key cryptography and it only works when the phone is unlocked, as reported by Google. We can say that it acts in a similar way to putting the fingerprint or facial recognition, something that we can already do numerous times at the end of the day to open programs or unlock the computer.
positive for security
We will have to wait to see how they finally manage to implement this option, compatibility with applications and if users are really going to want to use it or prefer to continue with the traditional method. What is clear is that every time we have more access keys and that makes us look for alternatives, such as using password managers, fingerprints, etc.
If we think of the security, the truth is that ending passwords as Android wants is something very interesting. A clear example is that users are not going to fall into the trap of Phishing, which basically consists of entering the password when logging in through a false link. In this case, authentication is performed on the device itself, through FIDO credentials.
From Google they even ensure that it is safer than logging in through 2FA methods, which are the multifactor codes that we can receive by SMS or through the application. They indicate that it is a really reliable way to log in and that it will prevent many cyber attacks.
In short, Google goes one step further and wants to make Android users able to log in without having to enter a password within a year. It’s a good idea? We will have to wait to see how they implement it, compatibility with applications and possible problems that may arise so that users can really use it with ease.