How Tech Giants Are Preparing for a Password-free Future.

How Tech Giants Are Preparing for a Password-free Future.

Say goodbye to your password and hello to a new era of security.

In recent years, it’s become abundantly clear that passwords are no longer the most secure form of authentication. According to Verizon’s Data Breach Investigations Report (DBIR) 2022, password security issues are responsible for 80% of data breaches worldwide. Despite their flaws, passwords are still the most commonly used form of authentication. Given the dangers of password theft, Google, Microsoft and Apple announced in May this year their plans to support a common passwordless sign-in standard created by the Fast IDentity Online (FIDO) Alliance and the World Wide Web Consortium. Let’s take a deeper dive into the mechanism of passwordless authentication and what plans the three tech giants have in place for a password-free future.

What is FIDO Alliance?

Launched in July 2012, the FIDO Alliance is an open industry association with a single focused mission—to develop and promote authentication standards that will help reduce the world’s over-reliance on passwords. FIDO standards allow you to use multiple forms of authentication including biometrics, voice and facial recognition, Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE) and smart cards.

How does passwordless authentication work?

In a passwordless authentication system, ‌users can select the primary device to log on to apps, websites and other services. For instance, you can sign in to your email account using the same method (e.g. fingerprint, PIN or face recognition) that you use to unlock your phone. Then, a one-of-a-kind FIDO sign-in credential or passkey will be generated and shared between your phone and the website. Thus, you don’t have to type in passwords every time you are signing on to web services.

This new approach is more secure than passwords and other legacy methods, like one-time passcodes sent over SMS. Passkey is much safer than signing in with a site-specific password since it’s based on public key cryptography and will only be visible to your online account after unlocking your device. The method employs cryptographic keys and stores credentials for several devices in the cloud.

What are Google, Apple and Microsoft’s plans to support passwordless authentication?

The latest announcement from these companies will allow users to opt into two new features: First, you’ll be able to use your passkeys to sign in to multiple devices, including new ones, without re-enrolling every account. Second, users can use FIDO authentication on their mobile devices to sign in to an app or website on a nearby device, regardless of whether it is running Apple or Android OS. 

Image courtesy of Google

For example, as per Vasu Jakkal, Microsoft’s vice president for security, compliance, identity and privacy, “Users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.” Apple, Google and Microsoft intend to make the new sign-in standards available across platforms next year.

This makes it much more convenient for users with multiple accounts and passwords—or who always forget their passwords—as all you need is a fingerprint or iris scan. Plus, password-free methods are much more secure than traditional passwords since they cannot be guessed or brute-forced. 

Who is winning the race?

So far, Microsoft has been the most aggressive company in embracing passwordless authentication. The company recently announced that its Azure Active Directory service would soon support passwordless sign-ins for Microsoft accounts. 

Google has also been looking to adopt passwordless methods for a while. In January 2021, the tech company announced that Chromebooks would be getting new features that will allow users to sign in to devices and websites faster and personalize their lock screens. Users can sign in to websites with Google’s Web Authentication, called WebAuth, with their fingerprint (if their devices come with a fingerprint scanner) or a device login PIN rather than a site-specific password. Websites that support WebAuth will notify you if it’s an option before you enter your login information. 

Potential drawback of passwordless login method

Despite the convenience, there are a few drawbacks to using passwordless methods like the FIDO Alliance’s passkey system. Firstly, passwordless login is still in its infancy, so not all websites accept them as of yet. Secondly, according to Ralph Rodriguez, the President and Chief Product Officer at digital identity trust company Daon, passkeys are not as strong as other FIDO standards (e.g. voice, touch and face recognition). With financial institutions, passkeys can’t be used on transactions because they cannot verify a user’s identity, which is mandatory due to Know Your Customer (KYC) standards. Thus, passkeys can pose heightened risks of synthetic fraud. So, users may still have to rely on other methods (like passwords) for financial activities. 

Also read:

Header image courtesy of Pexels

SHARE THIS STORY

Share on facebook
Share on twitter
Share on linkedin
Share on email

RELATED POSTS

What Should Employees Do in a Crisis

What Should Employees Do in a Crisis?

At the start of January 2023, a drunk man in an Air India flight’s business class urinated over a 72-year-old woman sitting beside him. The man, Shankar Mishra, was the Vice President of the financial services company Wells Fargo (he was fired following the incident). In itself, the incident is disgusting.

Top 5 AI Companies in the World

Top 5 AI Companies in the World

Technological developments are driven by the human need to make life easier and complete tasks faster and more efficiently. The drastic growth of technology in recent years has paved the way for artificial intelligence (AI) to become an integral part of almost every industry—from education and lifestyle to music and sports. It is everywhere. And by the looks of it, it is here to stay.

3 High Demand Metaverse Jobs in Future That Your Kids Should Look into

3 High Demand Metaverse Jobs in Future That Your Kids Should Look into

It’s no wonder why Jumpstart Media named “metaverse” one of the top emerging trends and technologies to look forward to in 2023. With an expected compound annual growth rate (CAGR) of 39.4% from 2022 to 2030, Grand View Research forecasts that the global metaverse market is set to expand exponentially. From fashion shows, gaming, luxury products, sports and travel to art, many industries are tapping into the metaverse’s potential.

4 Most Anticipated Tech IPOs of 2023

4 Most Anticipated Tech IPOs of 2023

The technology industry has been a driving force in shaping the global economy for decades and the initial public offerings (IPOs) of technology companies are often highly-anticipated events. In 2022, the tech IPO market saw a slowdown compared to the previous year, 2021.

5-Luxury-Items-That-Are-Worth-the-Investment

5 Luxury Items That Are Worth the Investment

The world of luxury items is one of elegance and exclusivity, with their value increasing as time passes. They are unattainable and highly coveted by the masses. Plus, luxury products have a Veblen effect on the market—as their price rises, their demand does, too.

How Do You Know When to Give Up on Your Startup?

How Do You Know When to Give Up on Your Startup?

Starting a new business is never an easy task. You put your heart into it and spend countless hours working on what you believe will make someone happy or solve society’s problems. But sometimes, startups don’t work out as planned—this can be both disheartening and discouraging.