FIDO
Latest
Google's updated Titan security key can store up to 250 passkeys
Google has updated its lineup of Titan security keys with some features that'll make them work better with passkeys as well as passwords.
Google begins adding passkey support in Android and Chrome
Google has begun rolling out initial passkey support for Android and Chrome.
Major Rogers outage causes internet and mobile network issues across Canada
911 services and payment network Interac have also been affected.
LastPass no longer requires a password to access your vault
LastPass now lets you access your vault without a password.
Apple, Google and Microsoft commit to 'end-to-end' password-free sign-ins
Apple, Google and Microsoft are uniting to improve support for password-free sign-ins across your devices.
Google open-sources the tools needed to make 2FA security keys
Security keys are designed to make logging in to devices simpler and more secure, but not everyone has access to them, or the inclination to use them. Until now. Today, Google has launched an open source project that will help hobbyists and hardware vendors build their own security keys, and contribute to the technology's ongoing development.
Apple may offer tighter iOS parental controls this week
Apple's flurry of iOS updates might include one more substantial tweak before the holiday break. Vietnamese carrier Viettel has posted a page that hints at a release for iOS 13.3 (plus a minor watchOS 6.1.1 update) this coming week, most likely on or before December 11th. The new software could represent a big deal for parents thanks to the ability to limit access to contacts in Screen Time -- you can specify who your kids can talk to and when. This only applies to voice calls, FaceTime and Messages, but it could be helpful if you'd rather not let your child hold all-night video chats with their friends.
Windows 10 update pushes Microsoft closer to a password-free future
With its Windows 10 May 2019 update, Microsoft is getting one step closer to eliminating passwords. The company's Windows Hello has earned its FIDO2 certification -- an industry standard that deems Windows Hello a secure authenticator. Now, users running Windows 10 version 1903 will be able to login to devices, apps and online services using biometrics or PINs, rather than passwords.
Android will support more password-free sign-ins
It just became that much easier to ditch passwords on your phone. Android is officially FIDO2 certified, making it possible to sign into supporting apps and websites (such as pages that rely on the WebAuthn standard) using a fingerprint or a physical security key. You might not have to punch in a passcode every time you want to check your bank statement, for instance.
Biometric security now has an industry-wide testing standard
Biometric security is par for the course on smartphones and increasingly common on PCs, but there hasn't been a standard way to verify that the technology passes muster. That's where the FIDO Alliance might help. It's launching a first-of-its-kind Biometric Component Certification Program that will use independent labs to test the performance and security of fingerprint readers, face recognition and other sign-in devices across the industry. If a vendor wants to show that its face unlock feature can't be fooled by a photo, it won't have to jump through hoops to prove it.
Google Chrome now supports more password-free sign-ins
Google is acting on its promise to banish more passwords. It just released Chrome 67 for the desktop, bringing the Web Authentication standard to what's arguably the most popular browser. As with Firefox, the technology allows password-free sign-ins (such as USB keys) through virtually any website rather than having to access specific services. And don't worry if you're still comfortable typing things in -- there are a few other useful additions.
Windows 10 update will support more password-free logins
It's not just web browsers that are moving beyond passwords. Microsoft has revealed that Windows 10's next update will support the new FIDO 2.0 standard, promising password-free logins on any Windows 10 device managed by your company or office. You could previously use Windows Hello to avoid typing in a password, of course, but this promises to be more extensive -- you could use a USB security key to sign into your Azure Active Directory.
Web standard brings password-free sign-ins to virtually any site
Tech companies have been trying to do away with web passwords for years, but now it looks like they've reached a key milestone. The FIDO Alliance and W3C have launched a Web Authentication standard that makes it easier to offer truly unique encryption credentials for each site. That, in turn, lets you access virtually any online service in a PC browser through password-free FIDO Authentication, not just specific services. You can continue to use familiar methods like fingerprint readers, cameras and USB keys, and it can serve both in place of and in addition to passwords.
Facebook offers extra security with USB key support
None of us want strangers accessing our accounts online. You might use a password manager, or two-factor authentication via SMS, but there's another way you can stay protected -- physical security keys. Following Google, Dropbox and others, Facebook has added support for these privacy-centric dongles today. When you log into your account, that means you can choose to prove your identity with a special USB stick (that supports the open Universal 2nd Factor (U2F) standard), rather than a code sent to your phone. Yes, it's another object to keep on your keychain, but in return, you'll be getting a superior level of protection.
Google Authenticator takes security codes from your smartwatch
It can be annoying to set up two-factor authentication and boost the security of your accounts, but Google may have found a way to ease your pain. It's delivering an update to Authenticator for Android that not only touts a "refreshed" design, but receives codes from Android Wear smartwatches. You're no longer stuck using this solely on your phone. To top things off, Google is rolling in early support (sadly, developer-only) for the FIDO Alliance's NFC Security keys -- in the future, you may only need to tap devices together to sign in. If you can't bear the thought of logging in with a regular password, you'll want to grab this upgrade in short order.
Lock down your Dropbox account with a USB security key
If you're so concerned about the security of your Dropbox account that even two-factor authentication through your phone seems too risky, you can rest easy. The cloud storage outfit has added support for USB keys as part of the two-factor sign-in process. Rather than punch in a code, you just plug in a stick to prove that it's really you. You'll need a key that meets FIDO's Universal 2nd Factor standard, but this key will also work with Google and any other U2F-capable service. Frankly, this is a long-due upgrade -- if you regularly access Dropbox from PCs, you won't have to worry quite so much that someone will get your login details and swipe your files.
Governments want to get rid of passwords, too
It's not just giant tech companies that want to put an end to passwords. Both the US' National Institute of Standards and Technology and the UK's Office of the Cabinet have become the first government bodies to join the FIDO Alliance, giving them a direct say in building more secure (and more universal) sign-in systems. Given how often governments depend on fingerprinting, smart cards and other physical identification methods, the move makes a lot of sense -- they want to encourage security measures that make it tougher for hackers to swipe sensitive data. It'll be a while before you see the influence of these new partners, but you may well be using government-grade ID to access your PC or phone in the future. [Image credit: Shutterstock/Pedro Miguel Sousa]
Google heads list of 16 companies trying to kill passwords
People don't put enough thought into passwords because it's a pain, but that creates security problems for the whole internet. Google, Microsoft and others in the FIDO Alliance want to replace passwords with fingerprint scanning and other techniques, and just unveiled 31 products from 16 companies that conform to the new standard. The most recognizable of those is Google's login service, which implemented USB key locks that eliminate mobile phones in 2-step identification late last year. Others on the list include Samsung's PayPal authorizing fingerprint system, and Nok Nok, which allows Apple's Touch ID fingerprint scanner to work with third-party apps.
Tech industry completes its standards for banishing passwords
Hate typing passwords? You might not have to enter them for much longer. The FIDO Alliance (backed by Google, Microsoft, PayPal and Samsung, among others) has just published the completed versions of its password-free standards for both regular and two-factor authentication. Apps and websites using the technology can now rely on a number of easier and typically more secure ways to sign you in, such as fingerprint readers and USB dongles, without having to worry about the exact device you're using. There are already some hardware and software solutions that play nicely with FIDO, but the existence of firm specs should significantly boost your choices in 2015.
Google now lets you prove your identity with a USB security key
It shouldn't surprise you that Google's a big proponent of online security, and that's why it's rolling out support for a new way to prove you are you who are: a USB Security Key. Google's normal approach to two-step authorization involves getting a text on your phone to verify your identity, but that isn't always ideal. Maybe you suck at keeping your phone charged. Or maybe you're abroad (your author's had to deal with that particular headache a few times) and don't want to get slammed with roaming charges. Having a dedicated secure USB key around means you'll be able to log into Google's ecosystem without having to worry about phishing or having your phone handy.