https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
Apple, Google & Microsoft want to kill the password with Passkey standard

Apple, Google, and Microsoft are launching a "joint effort" to kill the
password.

The major OS vendors want to "expand support for a common passwordless
sign-in standard created by the FIDO Alliance and the World Wide Web
Consortium."

The standard is being called either a "multi-device FIDO credential" or
just a "passkey."

Instead of a long string of characters, this new scheme would have the app
or website you're logging in to push a request to your phone for
authentication. From there, you'd need to unlock the phone, authenticate
with some kind of pin or biometric, and then you're on your way.

This sounds like a familiar system for anyone with phone-based two-factor
authentication set up, but this is a replacement for the password rather
than an additional factor.

Some push 2FA systems work over the Internet, but this new FIDO scheme
works over Bluetooth. As the whitepaper explains, "Bluetooth requires
physical proximity, which means that we now have a phishing-resistant way
to leverage the user's phone during authentication." Bluetooth has a
terrible reputation for compatibility, and I'm not sure "security" has ever
been a real concern, but the FIDO alliance notes that Bluetooth is just "to
verify physical proximity" and that the actual sign-in process "does not
depend on Bluetooth security properties."

That means both devices will need Bluetooth on board, which is a given for
most smartphones and laptops but could be a tough ask for older desktop
PCs.

Am 06.05.22 um 01:44 schrieb NewsKrawler:
> https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
> Apple, Google & Microsoft want to kill the password with Passkey standard
>
> Apple, Google, and Microsoft are launching a "joint effort" to kill the
> password.
>
> The major OS vendors want to "expand support for a common passwordless
> sign-in standard created by the FIDO Alliance and the World Wide Web
> Consortium."
>
> The standard is being called either a "multi-device FIDO credential" or
> just a "passkey."
>
> Instead of a long string of characters, this new scheme would have the app
> or website you're logging in to push a request to your phone for
> authentication. From there, you'd need to unlock the phone, authenticate
> with some kind of pin or biometric, and then you're on your way.
>
> This sounds like a familiar system for anyone with phone-based two-factor
> authentication set up, but this is a replacement for the password rather
> than an additional factor.
>
> Some push 2FA systems work over the Internet, but this new FIDO scheme
> works over Bluetooth. As the whitepaper explains, "Bluetooth requires
> physical proximity, which means that we now have a phishing-resistant way
> to leverage the user's phone during authentication." Bluetooth has a
> terrible reputation for compatibility, and I'm not sure "security" has ever
> been a real concern, but the FIDO alliance notes that Bluetooth is just "to
> verify physical proximity" and that the actual sign-in process "does not
> depend on Bluetooth security properties."
>
> That means both devices will need Bluetooth on board, which is a given for
> most smartphones and laptops but could be a tough ask for older desktop
> PCs.

Too complicated and time consuming. More hardware involved.
A fingerprint reader or an iris-scanner is much more acceptable.

--
De gustibus non est disputandum