Digital impressions, access keys, facial recognition: while password alternatives multiply, the end of this mode of connection, often announced, faces the habits of the general public.
By highlighting an evolution towards “safer” solutions, the American giant has been preparing for several years for this scenario. Since May, the accounts of the new users offer default a connection with alternatives to the more sophisticated passwords.
A frequent target of data leaks
In France, the tax site recently strengthened its IT safety policy, forcing users to validate their connection with a code received by email, in addition to their password.
“Passwords are often weak and reused,” recalls Benoît Grünemwald, cybersecurity expert in ESET, interviewed by AFP. Below eight characters, they can decipher in a few minutes, or even a few seconds during malicious acts.
Proof of the magnitude of the piracy: a gigantic database that contains about 16 billion identifiers and passwords, of the Hay files, was discovered in June by researchers from Cybebnews Media.
So many defects that led to a coordinated movement of several technological giants. The Fido Alliance (Allianza Fast Identity Online), which is among its members, Google, Microsoft, Apple, Amazon and more recently Tiktok, works to create and encourage the adoption of connections without password and promote the use of access keys.
These digital identifiers use a third -party device as a phone to allow connections through a PIN code or a biometric connection (digital imprint, facial recognition), instead of the password.
A more protective but less intuitive solution
A system that protects Internet users, emphasizes Troy Hunt, the host of the Haveibeenpwned site (“Was he trapped?”, Editor’s note): “With the access keys, you cannot accidentally give its key to a malicious site.” But for the Australian expert, he does not sign the end of the password.
If many large platforms strengthen the safety of connections, many sites continue to operate with simple passwords. And for users, the transition can be delicate.
The access keys, less intuitive to use, require a first installation phase. And its restart, in case of forgetting the PIN code or the loss of a telephone registered as a “trust device”, it is more difficult than a simple password recovery.
For Benoît Grünemwald, the transition to access keys requires new reflexes. “You must take care of your smartphone and devices, because they are the most objective,” he warns.
Source: BFM TV
