Without a password, you can make the Internet more secure.

Without a password, you can make the Internet more secure.

Most people living in the Internet Age will feel a headache for the "password" issue. Although users need to enter the user name and password when registering an Internet service, many surveys have found that this "password" does not play much protection, the most common passwords are very simple, such as 123456.

People who pay a little attention to network security will use different passwords when registering different services, but this will cause another trouble, it is also annoying to remember so many different passwords. In order to solve the Password security problem, someone has made an application like 1 Password to help people manage passwords. But this is not the final solution.

To ensure the password is absolutely secure, the best practice is to discard the password and use a brand new method to log on to the Internet service.

According to The Next Web, W3C, The maker of Internet standards, has set up a group to develop a new Internet identity authentication mechanism. Google, Microsoft, and PayPal once proposed a verification method FIDO 2015 in 2.0. This system will become the framework of a new Internet authentication mechanism.

In short, FIDO wants to use your mobile phone to verify your identity. The most understandable scenario is that when you log on to a website, the website will send a verification code to your mobile phone. You enter the verification code to log on without setting a password for the website.

Some services have now abandoned allowing users to log on with their passwords. Lyft, a taxi hailing service in the United States, is one of them. Its login method is through text message verification.

In terms of convenience, it may take more time to accept the text message verification code and log on again than to directly use the password. However, many services are always used after logon, and do not need to log on frequently. The last time you entered the password to log on, you may need to change your mobile phone.

What's more, the text message verification code is only one way to verify the identity through the mobile phone, the web version of scan login can also be one of them. Other verification methods include fingerprint and sound.

In terms of security, there is no risk of password leakage after the password is discarded. Of course, the proposed verification method is very dependent on mobile phones, and a great risk is transferred to mobile phones. To some extent, this transfers network risks to the real world. If someone takes your mobile phone and logs on to your webpage, This is not unsafe, instead, you have not taken care of your cell phone.

FIDO has also taken this into consideration and designed defense measures after the loss of users' mobile phones. After the phone is lost, you can report to the certification authority that this phone cannot be used for any login operation. However, verifying "You Are you" and "the person holding your mobile phone is not you" may become a problem (if it is verified by biological information, such as fingerprint, will be relatively simple ).

It is still a long time before the FIDO-based authentication method becomes a standard. The method of abandoning passwords to verify user identity information will not become popular overnight. However, there will always be some Internet services that will first use new verification methods, and some services will always evolve slowly.