The first Thursday of every May is World Password Day, and it’s the perfect time to beef up your password security habits.
Apple, Google and Microsoft announced Thursday, May 5, their plans to adopt features that would support passwordless sign-ins for websites and apps.
The FIDO Alliance (FIDO is the acronym for “fast identity online”) said it is working with the three companies to start offering passwordless technology to major websites and apps. Rather than using unreliable password sign-ins (or log-ins), apps and websites could identify who you are with just a face scanner, fingerprint reader, or even your phone.
Kurt Knight, Apple’s Senior Director of Platform Product Marketing Kurt Knight said, “Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
A passwordless log-in procedure will allow users to use their phones as the main authentication device for websites, apps and other digital services, as Google discussed in detail on a blog post. Unlocking the phone by means of whichever is set as the default action (entering a PIN, using a fingerprint unlock, or drawing a pattern) will be enough verification to sign in to web services without having to enter a password, and this is made possible via the use of a unique cryptographic token known as a passkey that is shared between the phone and the website.
By making log-ins reliant on a physical device, the concept is that users will benefit from security while still keeping it simple. Without a password, there’s going to be no more obligation to remember log-in details across services, or risk security by reusing the same password in multiple places online. Furthermore, a passwordless system will make it more difficult for hackers to compromise log-in details remotely since signing in requires one to access to a physical device; and theoretically, phishing scams where users are directed to a fake website for password capture shall be harder to mount.
Apple, Google and Microsoft stated that the new sign-in capabilities will become available across platforms next year.
Image: Analytics Insight