On May 5th, World Password Day, we might have come one step closer to passwords being a thing of the past.
In a joint effort, Apple, Microsoft, and Google have committed to building support for passwordless sign-in across all of their platforms in the coming year. Passwordless authentication will come to all major device platforms in the not too distant future, including the Windows and macOS desktop environments.
Kurt Knight, senior director of platform product marketing at Apple, said that they design their products to be private and secure.
A passwordless login process will allow users to choose their phones as the main device for securing their digital services, according to a post published Thursday. If you want to sign in to web services without ever entering a password, you can use a PIN, draw a pattern, or use a fingerprint to get your phone unlocked.
The idea is that users will benefit from simplicity and security by making their logins contingent on a physical device. Without a password, there is no obligation to remember login details across services or to reuse the same password in multiple places. Passwordless systems will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much harder to mount.
Microsoft's vice president for security, compliance, identity, and privacy emphasized the degree of compatibility across platforms.
Users will simultaneously benefit from simplicity and security
FIDO is a standard that uses the principles of public key cryptography to enable passwordless and multi-factor authentication in a range of contexts. A user's phone can be used to store a unique FIDO-compliant passkey, which can be shared with a website only when the phone is unlocked. If a phone is lost, passkeys can be easily sync to a new device from the cloud.
Many popular applications already included support for FIDO, but initial sign-on has required the use of a password before FIDO can be configured, meaning that users were still vulnerable to phish attacks.
The new procedures will eliminate the requirement for a password in the first place, according to Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance.
This extended FIDO support will make it possible for websites to implement passwordless security for the first time. We will finally have the internet platform for a passwordless future when passkey support is available across the industry.
The new sign-in capabilities are expected to be available across platforms in the next year, although a more specific roadmap has not been announced. There are signs that the plan to kill the password may have succeeded.