On May 5 – World Password Day – we may have come one step closer to saying that passwords are a thing of the past.
In a joint effort, technology giants Apple, Google and Microsoft announced on Thursday morning that they have pledged to build password-free support on all mobile, desktop and browser platforms they control next year. In practice, this means that password-free authentication will come to all major device platforms in the not-too-distant future: Android and iOS mobile operating systems; Chrome, Edge and Safari browsers; and Windows and macOS desktops.
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, senior director of marketing for platform products at Apple. “Working with industry to create new, more secure login methods that offer better protection and remove password vulnerabilities is central to our commitment to building products that offer maximum security and a transparent user experience – all of this in order to keep users’ personal information safe.”
Image: presentation of a login without a password (FIDO Alliance)
The password-free login process will allow users to choose their phones as the primary authentication device for apps, websites and other digital services, as Google details in a blog post released Thursday. Unlocking the phone with whatever is set as the default action – entering a PIN, drawing a pattern or using fingerprint unlocking – will be enough to log in to web services without having to enter a password at all. This is made possible by a unique cryptographic token called an access key that is shared between the phone and the website.
By making logins dependent on a physical device, the idea is for users to benefit from simplicity and security at the same time. Without a password, you won’t have to remember login details for different services or compromise security by reusing the same password in multiple places. Similarly, a password-free system will make it much harder for hackers to compromise login data remotely, as login requires access to a physical device; and, in theory, phishing attacks that direct users to a fake password-grabbing website will be much more difficult to mount.
Vasu Jakkal, Microsoft’s vice president of security, compliance, identity and privacy, emphasized the degree of interoperability between the platforms. “With the access keys on your mobile device, you can access an app or service on almost any device, regardless of the platform or browser on which the device runs,” Jakkal said in an email statement. “For example, users can access a Google Chrome browser running Microsoft Windows using an Apple device access key.”
Consumers will benefit from both simplicity and security
Cross-platform functionality is made possible by a standard called FIDO, which uses the principles of public key cryptography to enable password-free authentication and multi-factor authentication in a number of contexts. The user’s phone can store a unique FIDO-compliant access key and will only share it with a website for authentication when the phone is unlocked. According to Google’s post, access keys can be easily synced to a new device from a cloud backup in case the phone is lost.
Although many popular applications already include FIDO authentication support, initial login requires the use of a password before FIDO can be configured – meaning that users are still vulnerable to phishing attacks that see passwords intercepted or stolen along the way.
But the new procedures will remove the original password requirement, as Sampath Srinivas, Google’s director of secure authentication product management and president of the FIDO Alliance, said in a statement sent to The Verge.
“This expanded support for FIDO, which was announced today, will enable websites to deploy a password-free end-to-end password-resistant experience for the first time,” Srinivas said. “This includes both the first login to the website and the second login. When support for access keys becomes available across the industry in 2022 and 2023, we will finally have the internet platform for a future truly without passwords.”
So far, Apple, Google and Microsoft have said they expect new sign-in options to be available on all platforms next year, although no specific roadmap has been announced. Although the effort to kill off the password has been going on for years, there are indications that this time it may finally have succeeded.