How Apple, Google and Microsoft are making passwords a thing of the past | Technique

What if you never had to type a password again? Imagine it. A global day of celebration. Children dancing in the streets. Soldiers laying down their weapons and hugging tearfully across the battlefield.

Or, at least, a slight improvement in your daily life. That’s what Apple, Google, and Microsoft are offering, with a somewhat rare triple announcement that the three tech giants are all embracing the Fido standard and heralding a passwordless future. The standard replaces usernames and passwords with “passkeys,” login information stored directly on your device and only uploaded to a website when matched with biometric authentication such as a photo or fingerprint. From Apple’s announcement:

Users will sign in through the same procedure they do multiple times each day to unlock their device, such as a simple verification of their fingerprint, face, or device PIN. This new approach protects against phishing and logging in will be radically more secure when compared to old multifactor passwords and technologies such as one-time passcodes sent via SMS.

The three companies will roll out Fido support “over the course of the next year.” The Fido2 standard is actually quite generic, and some companies already support it, largely for internal authentication. But the standard has long been missing the final step needed to be ubiquitous: facilitating initiation.

That’s what this latest announcement is all about. With the help of platform owners, users will be able to sync their Fido “passkeys” without having to sign in afresh on each new device. This takes it from a service that is a nice addition to passwords to a service that can be used to replace them entirely.

Ease of use is only part of the reason for the switch. Passkeys, secured by biometric identification on your phone, are faster than entering passwords manually, but if you use a password manager (and you should use a password manager), you’ll be able to enter passwords and log into most websites with a single click of a button (fingerprint sensor) anyway.

But the biggest reason is that passwords are bad. They are bad because of how they are used in practice: people make short, easy-to-guess passwords, and then reuse them online. For many users, the more important a website is, the more likely the password will be short and easy to guess, because although you may tolerate entering a long, secure password once or twice, you won’t bother doing it multiple times a day.

And the ways we’ve tried to fix passwords … are also bad. The requirement to add complexity to passwords, in an effort to make them more difficult to crack by brute force, is remarkably infuriating, and is often ineffective at securing the result it is looking for: if “P@ssword1” is a valid password but “duplon tunnel prorogue” (to provide a passphrase randomly generated by my password manager just now) is not, then the security of someone’s account has just been lowered.

Two-factor authentication, which requires you to associate a second “factor” with your account, such as a phone number or another device you use to approve the login, has its own problems. The most common forms of two-factor authentication involve the use of one-time passcodes, either sent to you via text messages or generated by an app on your phone or computer. One-time passcodes are just as open to phishing as a traditional password, albeit with a shorter expiration date if they are successfully stolen.

And so, if something like Fido takes off, the world should become a little safer, a little less frustrating and a lot smoother to move through.

What will it look like to you? In practice, it may not look very different. One day, you will create an account on a website and you simply will not be asked for a password. You may not notice this happening. But rest assured: the kids will be dancing in the streets anyway.
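The contrast drawn above between phishable one-time passcodes and phishing-resistant passkeys comes down to what the website can check. The sketch below is an added example, not part of the original article or of any vendor's code: a simplified model of the origin-bound challenge signing that FIDO2/WebAuthn performs, using a constructed toy RSA key and hypothetical function names and example.com-style origins.

```python
import hashlib
import json
import secrets

# Toy RSA key standing in for a passkey pair (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays on the device

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def device_sign(challenge: str, origin: str) -> dict:
    """Device side: after the local biometric check, sign challenge + origin.
    `origin` is filled in by the browser, not typed or chosen by the user."""
    client_data = json.dumps({"challenge": challenge, "origin": origin})
    return {"client_data": client_data,
            "sig": pow(_digest(client_data.encode()), D, N)}

def site_verify_passkey(assertion: dict, challenge: str, own_origin: str) -> bool:
    """Website side: verify the signature, then the challenge and the origin."""
    raw = assertion["client_data"]
    if pow(assertion["sig"], E, N) != _digest(raw.encode()):
        return False
    data = json.loads(raw)
    return data["challenge"] == challenge and data["origin"] == own_origin

def site_verify_otp(submitted: str, issued: str) -> bool:
    """A one-time code is a bare secret: it carries no record of where it was typed."""
    return secrets.compare_digest(submitted, issued)

def demo() -> dict:
    site, lookalike = "https://bank.example", "https://bank-login.example"
    challenge, otp = secrets.token_hex(16), "492817"  # constructed values
    return {
        "passkey_on_real_site": site_verify_passkey(
            device_sign(challenge, site), challenge, site),
        # On a look-alike page the browser reports the look-alike's origin.
        "passkey_relayed": site_verify_passkey(
            device_sign(challenge, lookalike), challenge, site),
        # The same code typed into the look-alike page and forwarded still verifies.
        "otp_relayed": site_verify_otp(otp, otp),
    }
```

The signature made on the look-alike page is valid but names the wrong origin, so the real site rejects it; the forwarded one-time code is indistinguishable from one typed on the real site.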

A quantum leap in computing?

Last week, the Biden administration issued a warning to federal agencies: “Get ready, the future is coming.” From the log:

The document… calls for a “comprehensive strategy for government and society at large” for quantum information science (QIS), including “the security improvements provided by quantum-resistant encryption.”

“Current research shows that at some point in the not-too-distant future, when quantum information science matures and quantum computers are able to reach a sufficient size and level of sophistication, they will be able to crack much of the encryption that currently secures them,” a senior Biden administration official told reporters.

A quantum computer is a once-theoretical, and now merely experimental, machine that uses the counterintuitive properties of quantum mechanics to enable computations that would be impossible on an ordinary machine. There are a whole host of potential hacks that could be enabled by building a large-scale, functional quantum computer, but one thing that excites nearly everyone is its impact on cryptography.

Almost all ciphers rely on the fact that some mathematical functions are easy to compute in one direction and very difficult to compute in the other. The classic example is prime factoring. If I tell you that two prime numbers multiplied together equal 221, it’s hard to tell which two primes they are; if I ask you to multiply 13 and 17 together, that’s trivial. If the numbers are large enough, the first example goes from “extremely difficult” to “impossible in the age of the universe”, but the second example remains very easy. This asymmetry is what enables most of the encryption you use every day, from secure e-commerce communications, to end-to-end encryption for WhatsApp, to the basic security of bitcoin and cryptocurrencies.

Unless you have a quantum computer. Thanks to their funny properties, quantum computers are theoretically able to find prime factors in a (comparative) instant. Thus, to defend against them, a whole other branch of cryptography was invented, “post-quantum” cryptography, which relies on mathematics that not even quantum computers can crack. This is what the Biden administration touted last week. Rewriting the entire federal government to use post-quantum algorithms is a huge undertaking, and one that the government will not take lightly.

But there is a strangeness: for all the enormous potential of quantum computers, the largest number one has factored is … 21. In 2012, a team from the University of Bristol was able to use a quantum computer to show that 21 = 3 * 7. The paper was a major advance that has not been topped since, but it was underwhelming, of course. So the question posed by the White House memo is: Why now?

Are they simply making a reasonable effort to guard against a quantum hack a number of years into the future? Are they, as some pessimists have suggested, trying to encourage the world to switch to new and untested forms of encryption in an effort to make it easier for spy agencies to find loopholes that would enable them to gain access to secure communications?

Or are they aware of an imminent — or perhaps existing but secret — quantum computing breakthrough that would shake the foundations of the digital world? Answers on a postcard please.

By the way, if you’re working on a secret quantum computer for a three-letter agency capable of factoring 512-bit numbers, my reference number is 07901 111711. Text me. Seriously.
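To make the 221 = 13 × 17 example concrete, the following added sketch (not from the original article) builds a toy RSA key from those two primes and shows that anyone who can factor the public number can rebuild the private key. The function names, the exponent 5 and the sample message 42 are assumptions chosen for illustration; the larger test number is the product of the Mersenne primes 2^17 − 1 and 2^19 − 1.

```python
import math

def make_keypair(p: int, q: int, e: int = 5):
    """Toy RSA: the public key is (n, e); the private exponent d needs p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)

def factor(n: int):
    """Trial division: returns (p, q, divisions_tried). Work grows with sqrt(n),
    while multiplying p by q stays a single operation."""
    tried = 0
    for cand in range(2, math.isqrt(n) + 1):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n is prime")

def recover_private_exponent(public_key):
    """What anyone who can factor n can do: rebuild d from the public key alone."""
    n, e = public_key
    p, q, _ = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def demo() -> dict:
    public, d = make_keypair(13, 17)          # n = 221, as in the text
    n, e = public
    ciphertext = pow(42, e, n)                # constructed sample message
    d_recovered = recover_private_exponent(public)
    return {
        "n": n,
        "recovered_matches": d_recovered == d,
        "plaintext": pow(ciphertext, d_recovered, n),
        "steps_221": factor(221)[2],
        "steps_bigger": factor((2**17 - 1) * (2**19 - 1))[2],
    }
```

Real keys use primes hundreds of digits long, where this search (and every known classical improvement on it) becomes infeasible; that gap is what a large quantum computer would close.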

The Vampire Diaries

We like newsletters here, right? Well, over the past few days, I’ve been increasingly absorbed in a wonderful daily one, written by one Bram Stoker. A pseudonym, surely – it makes him sound like a Victorian novelist.

It’s one of those “so obvious I can’t believe it’s never been implemented” ideas. Stoker’s Dracula is best known as an epistolary novel, taking the form of letters among its protagonists. These letters are dated as usual. And so Daily Dracula sends each letter, on the day it’s written, in real time.

Dracula starts May 3, and ends November 7, so you’re only a few days behind if you’re picking it up now. English attorney Jonathan Harker has spent a few nights in the castle of a beautiful eastern European aristocrat looking to invest in some prime real estate, but – I don’t know, you guys, I feel like something is up with this guy. That day, Harker came in to find him reading a railroad timetable! Oh, also all the doors and windows are locked and he has just realized he’s being held prisoner.

In addition to being a great way to read classic literature, the newsletter has gone viral on Tumblr this year, giving it the air of reading as part of the world’s most turbulent book club. It is glorious:

Today is May 8. Our good friend Jonathan only tries to shave when the count sneaks up on him and throws his mirror out the window. Strange, considering that he did not see the count approaching him in the mirror.

He may also be trapped in the castle. pic.twitter.com/DJXIn3txm0

– Wonnie | Ongoing charity May 8, 2022

The newsletter is the brainchild of Matt Kirkland, formerly known online for his stupid cuneiform service, which takes your bad tweets and turns them into cuneiform tablets of clay, posted to you by mail, ensuring (maybe) that your witterings are preserved for future generations. Honestly, it’s really nice to remember that sometimes people do amazing things on the internet. More of this, please! Share cool stuff with me if you find it on the internet, please! See you next week!

Wider Techscape

  • Uber’s CEO warns his employees that the company will have to start making money soon, and things are about to get weird. “The average age of an employee at Uber is barely over 30 years old. Which means you have spent your career in a long and unprecedented climb. The next period will be different…”

  • Showing that there’s no trend that Facebook can’t jump on a year after the fact, a few Instagram users will be able to post NFTs from next week. In other news, the market has likely made it to the top.

  • As Roe v Wade approaches being overturned, American women are beginning to question which companies they can trust with their personal data, and when they can be sent to prison for health care. The answer? A little frustrating.

  • Two more massive AI achievements since we last spoke. DeepMind’s Flamingo (good name) can do very complex tasks with just a few examples (watch the videos here); Facebook’s OPT-175B (bad name) is essentially a version of the well-known GPT-3, but with a carbon footprint of 1/7 the size thanks to improvements in how it is trained – and a “high propensity” for racism and bias.

  • The iPod is, finally, dead. For more than half its life, the once iconic music player has eked out an undead existence, surviving only as a stripped-down iPhone. Now, even the iPod Touch no longer exists. The past 14 years are nothing compared to the first seven, but it’s hard not to feel some nostalgia.
