![]() ![]() iCloud Keychain’s password manager is built in to your Apple devices, and we’ve made APIs available for third parties to integrate their own password managers into the system. Password managers can create strong, unique passwords per account, and can provide hints about some forms of possible phishing. But it turns out that people generally aren’t good at coming up with and remembering strong and unique passwords for every account. At first, passwords were mostly stored in people’s heads. Authentication technology has continued to evolve to try to mitigate some of these risks. In fact, according to the 2020 Verizon Data Breach Investigation Report, more than 80 percent of hacking-related data breaches involved the brute force of credentials or using lost or stolen credentials. ![]() And if a secret like a password does get out, using weak passwords or reusing the same password across multiple accounts can quickly compound the problem. Phishing - such as fake emails and phone calls or misleading websites - is the most common way for the wrong party to learn a secret. Each time that secret is shared, there’s a risk that someone other than the intended recipient learns that secret. Most authentication today relies on the user and server sharing a secret - like a password - when the account is created, and resharing that secret during every authentication. ![]() First off, protecting secrets is hard, especially when those secrets are shared. As authentication technologies have evolved over the years, there are a few fundamental lessons that the industry has learned. But developers, users, and the industry as whole have collectively learned that this great convenience of being able to quickly authenticate to sign in to an account comes at a cost to account security. The iconic User name and Password field pair is instantly recognizable and really easy to use, and most people immediately know what to do when they encounter it. Every time you sign in to an app or website today, you’re probably entering a password. ♪ Bass music playing ♪ ♪ Garrett Davidson: Hi, I’m Garrett, an engineer on the Authentication Experience team, and I'm very excited to give you a peek into what we’ve been working on: the first step Apple is taking to support the industry-wide transition away from passwords. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |