Some of the world’s biggest tech companies have announced plans to try and remove the need for passwords for good.
Apple, Google and Microsoft have joined forces to push the wider availability of passwordless logins in a major way, promoting instead a common standard to implement widely-used and convenient passwordless sign-ins, across all their platforms.
That standard – created by the FIDO Alliance and World Wide Web Consortium – is a big step on from what’s used for more secure logins, over and above a basic username and password, right now. Namely the likes of two-factor authentication (2FA, which represents a second login step of a verification code texted to a smartphone for example) or the use of an app like a password manager.
Bye bye passwords?
FIDO authentication already facilitates passwordless sign-in across some websites and apps, but the big difference here is about making the process not just more widely adopted, but more secure due to an end-to-end passwordless option.
What this means is that users will no longer have to sign-in for the initial login across every website or app, on every individual device, to enable passwordless access in the first place. Instead, people will simply login by unlocking their phone – via whatever method they normally employ, like a fingerprint reader for example, or PIN – and that’ll automatically unlock the account.
So, say you’re logging in to a website on your PC, all you’ll need is to have your smartphone on you, and it’ll be possible to sign-in to the site on your computer’s browser by unlocking the phone – that’s all there is to it (the phone stores the FIDO ‘passkey’ used to access the account).
In short, you can forget all about passwords in this new online world being ushered in, and with supporting sites and services, all you’ll need is your phone and its login method.
Analysis: The full rollout will take some time, though…
So, when is this big step forward on the security front going to happen, you may well be wondering? The three tech giants say they plan to facilitate this across all their major platforms over the course of the coming year.
For Google, that of course means Android and Chrome, for Apple, macOS, iOS and Safari, and for Microsoft, Windows and Edge.
The end result of this should be a massive increase in support for these more secure FIDO-based logins, streamlining and simplifying sign-ins by ditching passwords (and related second-layer security such as 2FA).
As we already touched on, this is not just about convenience, but also security, as it’s no secret how wonky traditional passwords can be when people come up with easy to remember passwords – which are easily guessable – and they reuse them multiple times.
Or indeed folks fall prey to things like phishing scams which can extract usernames and passwords, or alternatively through no fault of their own, details can be leaked online via a third-party data breach. All of these dangers are swept away with this new passwordless approach, thankfully.
All this won’t happen immediately, of course, and as mentioned, support is going to be worked on throughout the rest of this year, and into 2023, with effort needed to implement the system not just from the big three tech firms, but also site and app developers.
So, passwords aren’t going to disappear overnight – but the good news is that with this announcement, their days are now pretty firmly numbered…