We have been hearing about the end of passwords for years, but that moment still seems quite far off. Although two-factor authentication has improved the security of user accounts in recent years, it is still not enough, especially when most Internet services do not implement it and, where it is implemented, it is not widely used unless companies like Google force it.
But work on replacing passwords with a more secure login system continues, and the publication 9to5Google has just found hints in the source code of a recent version of Google Play Services that point to Google’s work on implementing a system based on “access keys”, developed by the FIDO Alliance, although it will not be the only company to use it, since others, such as Apple, which is also part of the FIDO Alliance (Fast IDentity Online), will also use it.
A system based on access keys to replace passwords
The aim is for this secure authentication system to be implemented in a large number of third-party services, so that it succeeds and passwords are no longer routinely used when logging into applications and services, although passwords will not disappear completely, as we will see later.
According to 9to5Google, this new FIDO Alliance system takes a cryptographic key approach, where unlocking the device before logging in will suffice.
But when registering for an application or service with support for “access keys”, they point out that:
During registration to an online service, the user’s client device creates a new key pair. It keeps the private key and registers the public key with the online service. Authentication is performed by the client device proving possession of the service’s private key by signing a challenge.
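The registration and challenge-signing flow quoted above, as an added Node.js sketch that is not code from 9to5Google, Google or the FIDO Alliance. It is a simplified model rather than the WebAuthn message format: the class names, the `https://example.test` origin and the choice to sign the origin together with the challenge are assumptions made for illustration.

```javascript
// Added illustration: simplified challenge-response, not the WebAuthn wire format.
const crypto = require("node:crypto");

// Client device: creates one key pair per service and never exports the private key.
class Device {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only this leaves the device
  }
  // Sign the challenge together with the origin the device is talking to.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential for this origin
    return crypto.sign("sha256", Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// Online service: stores only public keys and issues single-use random challenges.
class Service {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // single use: a replayed signature finds no challenge
    const pem = this.users.get(user);
    if (!challenge || !pem || !signature) return false;
    const data = Buffer.concat([Buffer.from(this.origin), challenge]);
    return crypto.verify("sha256", data, crypto.createPublicKey(pem), signature);
  }
}

// Constructed scenario: one login, a replay, and an old signature against a new challenge.
function demo() {
  const device = new Device();
  const service = new Service("https://example.test");
  service.enroll("alice", device.register(service.origin));
  const sig = device.sign(service.origin, service.newChallenge("alice"));
  const firstLogin = service.verify("alice", sig);
  const replay = service.verify("alice", sig);
  service.newChallenge("alice");
  const staleSignature = service.verify("alice", sig);
  return { firstLogin, replay, staleSignature };
}
```

The service never holds a secret that could be leaked in a breach or typed into a look-alike site: it stores a public key, and each signature is only valid for the one random challenge it was issued against.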
They explain that the generated access keys will be saved in the Google account itself, or with Apple in the case of iOS users, and that it will only be necessary to know the passwords of the Google (or Apple) accounts, especially when using a new device:
Instead of passwords, you’ll have “passkeys” that are stored on your device and the operating system’s associated cloud sync service. In the case of Android, the access keys, which is the name that Apple will also use, are saved in your Google account, as explained in the new strings in the latest version of Google Play services (version 22.15.14).
Development and implementation continue, although for now it is not known when this mechanism will become available to all users, provided they do not back down in the search for a better security method.
More information: 9to5Google