“Numbers and letters; uppercase and lowercase letters. At least eight characters.” Instructions for developing passwords abound.
They are ubiquitous for logging into your online bank account, reading an online newspaper, logging into Netflix, opening an email address, etc. In addition, passwords are becoming more and more complex to the point of becoming a headache for users.
According to a 2020 study cited by our colleague Les Echos, each person uses dozens of different passwords on average. Since no one is able to hold back so much, everyone is looking for alternative solutions.
Don’t keep the same passwords all the time
Some people always use the same passwords, which is not recommended by cybersecurity experts because in the event of a data leak, hackers will be able to access all accounts protected by the same password. Others write them down in a notebook near their computer or store them in their cloud account on their smartphone. Those who can use a password manager, a kind of digital safe containing all the passwords of a user.
According to Les Echos (June 21, 2022), internet giants like Apple or Google offer it, along with specialized players like Dashlane, NordPass a Password, etc. Their tools automatically connect the user to sites or applications and are protected by a single password that unlocks all accounts.
Reduce passwords, response to cyber attacks
Some cybersecurity gamers want to go further by offering to simply remove passwords. This is the goal of Fido (Fast IDentity Online), a group of digital industrialists launched ten years ago. The idea is that reducing dependency on passwords would limit cyber attacks. The shape of the face or the fingerprint will serve as sesame. After a decade of research, the work is nearing completion. Last month, Apple, Microsoft and Google announced their support for a new identification technology, called “Multi-device Fido”.
Fido’s “Multi-device” technology is based on cryptographic tools and biometric sensors in smartphones. The exchange of passwords between an Internet user and a server is replaced by an encrypted key pair.
The public key is stored on the server and the private key on a user-owned terminal. To connect, the user must activate their private key, which communicates with the server’s public key to authorize access. It does this using the biometric technology of its terminal. Depending on the model, it can be face, iris or fingerprint recognition. If the device does not have a biometric sensor, or if it does not work, the user can activate their private key with a numeric code or a password, but this is never exchanged over the network.