Somehow Totally Different From Passkeys in iCloud Keychain Or Password Managers
The majority of people are bad at passwords, especially at the volume you are expected to keep track of at this point. We know reusing passwords is bad, as is writing them down, and even the slight variations many use so that a password is technically not the same as on another service aren’t exactly great security. On the other hand, we are also generally not great at remembering long lists of unique phrases, let alone recalling which password belongs to which account, without some sort of mechanism to prime our memory.
Password managers like LastPass have been around for a while, allowing you to link all your accounts to a single password or biometric challenge, thus letting you have a long list of unique passwords which you do not have to memorize. There are some problems with this, however, from forgetting that single key password to losing the master device associated with the software and, of course, the possibility of a security breach at the provider. This has prevented some from adopting this solution, currently one of the least worst solutions to the password conundrum.
The FIDO Alliance’s plan is to develop WebAuthn credentials, which can be either a passcode or biometric key, stored locally on your device as opposed to being authenticated against an online database. They have had previous success with this process: Apple’s iCloud Keychain and Google’s Advanced Protection Plan both make use of FIDO’s WebAuthn process, but as of yet they have not seen much market penetration and they have issues, as anyone who lost the device they set up iCloud Keychain on can attest.
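A simplified model of the login flow described above, as an added example that is not from the original post or from FIDO: the device keeps a private key and the website stores only the matching public key. The function names and the message layout are assumptions, and real WebAuthn signs additional authenticator data.

```javascript
// Added example: simplified WebAuthn-style login, not the real wire format.
const nodeCrypto = require("node:crypto");

// Device side: the key pair is generated on the device; the private key stays there.
function createAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", {
    namedCurve: "prime256v1", // NIST P-256
  });
  return {
    publicKey, // the only value the website receives at registration
    sign(challenge, origin) {
      // Bind the signature to this login attempt and to the site being visited.
      const clientData = Buffer.from(JSON.stringify({
        type: "webauthn.get",
        challenge: challenge.toString("base64url"),
        origin,
      }));
      return { clientData, signature: nodeCrypto.sign("sha256", clientData, privateKey) };
    },
  };
}

// Website side: holds public keys and short-lived challenges, no password database.
function createServer(expectedOrigin) {
  const publicKeys = new Map(); // user -> public key
  const pending = new Map(); // user -> outstanding challenge
  return {
    register(user, publicKey) { publicKeys.set(user, publicKey); },
    newChallenge(user) {
      const challenge = nodeCrypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, { clientData, signature }) {
      const challenge = pending.get(user);
      pending.delete(user); // each challenge is accepted at most once
      const key = publicKeys.get(user);
      if (!challenge || !key) return false;
      let data;
      try { data = JSON.parse(clientData.toString()); } catch { return false; }
      if (!data || data.type !== "webauthn.get" || data.origin !== expectedOrigin) return false;
      if (data.challenge !== challenge.toString("base64url")) return false;
      return nodeCrypto.verify("sha256", clientData, key, signature);
    },
  };
}
```

Registering one device and then presenting a signed challenge from a second, unregistered device fails verification, which is the lost-device problem mentioned above: the website has nothing to check the new device against until it is enrolled.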
Ars Technica offers a brief overview of what the FIDO Alliance hopes to accomplish, or you can go straight to the white paper here. Take a peek and see if you think they are onto something, or if this will just be yet another failed attempt to banish passwords forever.
On Thursday, the organization published a white paper that lays out FIDO's vision for solving the usability issues that have dogged passwordless features and, seemingly, kept them from achieving broad adoption.