当前位置:网站首页>How to protect user privacy without password authentication?
How to protect user privacy without password authentication?
2022-07-05 14:17:00 【HMS Core】
In the Internet world , Verifying user identity is a common and important scenario , The most widely used method is account password verification . As developers' requirements for authentication security continue to improve , In addition, users pay more attention to privacy and convenience in the process , Authentication methods are gradually diversified , With dynamic token 、 SMS verification code 、 Biometric authentication and other methods . This article mainly from the perspective of security , Discuss the security vulnerabilities of several common authentication methods , Provide more advantageous solutions for developers .
The security risks of common authentication methods are as follows :
Since both static and dynamic password authentication methods have vulnerabilities , Then whether authentication can be independent of passwords ?
Actually , Long ago , Someone began to imagine “ Password-free login ”. Of course ,“ Password-free login ” It does not mean that there is no password , Instead, use a new authentication method , To replace the existing password authentication system .HMS Core Online Fast Authentication Service (HMS Core FIDO) Based on this starting point , It provides a more advantageous solution for developers : User authentication without password , Provide local biometric authentication and online fast authentication capabilities , It can be used for user login 、 Purchase payment and other scenarios , meanwhile , Through system integrity detection and key verification mechanism , To ensure that the verification results are safe and reliable . The implementation process is as follows .
In terms of security , First ,HMS Core FIDO It avoids the user entering the account password manually , Therefore, there is no need to worry about the risk of account password disclosure .
secondly , Use HMS Core FIDO There is no need for users to carry additional second authentication devices .App The user's identity can be verified through the built-in components of the user's mobile phone , Such as fingerprint verifier 、3D Face sensor 、 Iris verifier, etc . If App Hope to strengthen the verification , In addition to using or inserting the second device , Users' mobile phones can be directly used as security key hardware , Complete authentication . A cell phone , Support multiple verification scenarios , Users do not need to carry additional equipment ,HMS Core FIDO It not only improves the user experience , At the same time, it also reduces the deployment cost of Internet service providers .
Last , The user biometric information used in the verification process will never leave the user's device , It can only be used after unlocking locally , Therefore, there is no need to worry about leaking user data from the server .
In addition to providing secure authentication ,HMS Core FIDO It can also help developers optimize the user experience .
HMS Core FIDO The protocol is always designed around protecting users' privacy , These protocols do not provide information that can be used to track users on Internet platforms , If biometric technology is adopted , User biometric information will never leave the user device . This is compared with the traditional biometric authentication , Great improvements have been made in security and privacy protection , Because traditional biometric authentication will collect user data to the server , Once the server data leaks , There will be serious consequences . From the user's point of view , The privacy experience has been greatly improved .
During authentication , The user operation is simple , The process is smooth and uninterrupted , Don't spend too much time waiting , For example, accept the verification code 、 Enter the password, etc .
HMS Core FIDO Application scenarios of
at present ,FIDO Technology has been developed by global equipment manufacturers 、 Widespread recognition of Internet service providers , Including some large banks and other financial institutions 、 Government network platform, etc , Mature application in high security scenarios involving capital changes , Such as : Shopping websites or App Purchase payment 、 Digital currency transfer 、 Mobile Banking ( Online Banking Service ) Large transactions in , wait . Take the use process for example ,App Check whether the device supports when the user logs in HMS Core FIDO, If the support ,App It can guide users to open fingerprints or 3D Face login , Users only need to verify their fingerprints or 3D Face can be .
HMS Core FIDO Is based on FIDO Standardize the open capabilities for developers at home and abroad , It can help Internet service providers to make the authentication process more secure 、 It's simpler , At the same time, it can also gain a better user experience .FIDO Its full name is Fast Identity Online standard , By FIDO The alliance has launched and continues to maintain a set of authentication framework protocols , It uses standard public key cryptography , Provide a more powerful authentication method .
Click to enter HMS Core FIDO Official website , obtain Development guidance document , Experience high-quality authentication capabilities .
Learn more >>
visit Official website of Huawei developer Alliance
obtain Development guidance document
Huawei mobile service open source warehouse address :GitHub、Gitee
Pay attention to our , The first time to understand HMS Core Latest technical information ~
边栏推荐
- R語言ggplot2可視化:可視化折線圖、使用theme函數中的legend.position參數自定義圖例的比特置
- Login interface code
- Kunlun Taike rushes to the scientific innovation board: the annual revenue is 130million, and it plans to raise 500million. CETC Taiji holds 40% of the shares
- What is the ranking of GF futures? Is it safe and reliable to open an account for GF futures online?
- 魅族新任董事长沈子瑜:创始人黄章先生将作为魅族科技产品战略顾问
- 一网打尽异步神器CompletableFuture
- R语言ggplot2可视化:可视化折线图、使用theme函数中的legend.position参数自定义图例的位置
- R语言ggplot2可视化:gganimate包基于transition_time函数创建动态散点图动画(gif)、使用shadow_mark函数为动画添加静态散点图作为动画背景
- R语言使用原生包(基础导入包、graphics)中的boxplot函数可视化箱图(box plot)
- R language ggplot2 visual density map: Visual density map by group and custom configuration geom_ The alpha parameter in the density function sets the image transparency (to prevent multiple density c
猜你喜欢
Redis如何实现多可用区?
Current situation, trend and view of neural network Internet of things in the future
Why do mechanical engineers I know complain about low wages?
Shen Ziyu, nouveau Président de Meizu: M. Huang Zhang, fondateur de Meizu, agira comme conseiller stratégique pour les produits scientifiques et technologiques de Meizu
魅族新任董事長沈子瑜:創始人黃章先生將作為魅族科技產品戰略顧問
Tdengine biweekly selection of community issues | phase III
Oneconnect listed in Hong Kong: with a market value of HK $6.3 billion, ye Wangchun said that he was honest and trustworthy, and long-term success
世界环境日 | 周大福用心服务推动减碳环保
国富氢能冲刺科创板:拟募资20亿 应收账款3.6亿超营收
-Web direction attack and defense world
随机推荐
Fault analysis | analysis of an example of MySQL running out of host memory
Introduction, installation, introduction and detailed introduction to postman!
R Language ggplot2 Visualization: visualize linegraph, using Legend in Theme function. Paramètre de position emplacement de la légende personnalisée
Faire un clip vidéo auto - média deux fois, comment clip n'est pas considéré comme une infraction
Current situation, trend and view of neural network Internet of things in the future
Sharing the 12 most commonly used regular expressions can solve most of your problems
世界环境日 | 周大福用心服务推动减碳环保
R language dplyr package select function, group_ By function, mutate function and cumsum function calculate the cumulative value of the specified numerical variable in the dataframe grouping data and
How to introduce devsecops into enterprises?
强联通分量
3W原则[通俗易懂]
循环不变式
关于Apache Mesos的一些想法
LeetCode_ 69 (square root of x)
04_ Use of solrj7.3 of solr7.3
Why do I support bat to dismantle "AI research institute"
做自媒体视频二次剪辑,怎样剪辑不算侵权
广发期货排名多少?网上办理广发期货开户安全可靠吗?
How to make a second clip of our media video without infringement
What category does the Internet of things application technology major belong to