How Tech Giants Are Preparing for a Password-free Future.

How Tech Giants Are Preparing for a Password-free Future.

Say goodbye to your password and hello to a new era of security.

In recent years, it’s become abundantly clear that passwords are no longer the most secure form of authentication. According to Verizon’s Data Breach Investigations Report (DBIR) 2022, password security issues are responsible for 80% of data breaches worldwide. Despite their flaws, passwords are still the most commonly used form of authentication. Given the dangers of password theft, Google, Microsoft and Apple announced in May this year their plans to support a common passwordless sign-in standard created by the Fast IDentity Online (FIDO) Alliance and the World Wide Web Consortium. Let’s take a deeper dive into the mechanism of passwordless authentication and what plans the three tech giants have in place for a password-free future.

What is FIDO Alliance?

Launched in July 2012, the FIDO Alliance is an open industry association with a single focused mission—to develop and promote authentication standards that will help reduce the world’s over-reliance on passwords. FIDO standards allow you to use multiple forms of authentication including biometrics, voice and facial recognition, Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE) and smart cards.

How does passwordless authentication work?

In a passwordless authentication system, ‌users can select the primary device to log on to apps, websites and other services. For instance, you can sign in to your email account using the same method (e.g. fingerprint, PIN or face recognition) that you use to unlock your phone. Then, a one-of-a-kind FIDO sign-in credential or passkey will be generated and shared between your phone and the website. Thus, you don’t have to type in passwords every time you are signing on to web services.

This new approach is more secure than passwords and other legacy methods, like one-time passcodes sent over SMS. Passkey is much safer than signing in with a site-specific password since it’s based on public key cryptography and will only be visible to your online account after unlocking your device. The method employs cryptographic keys and stores credentials for several devices in the cloud.

What are Google, Apple and Microsoft’s plans to support passwordless authentication?

The latest announcement from these companies will allow users to opt into two new features: First, you’ll be able to use your passkeys to sign in to multiple devices, including new ones, without re-enrolling every account. Second, users can use FIDO authentication on their mobile devices to sign in to an app or website on a nearby device, regardless of whether it is running Apple or Android OS. 

Image courtesy of Google

For example, as per Vasu Jakkal, Microsoft’s vice president for security, compliance, identity and privacy, “Users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.” Apple, Google and Microsoft intend to make the new sign-in standards available across platforms next year.

This makes it much more convenient for users with multiple accounts and passwords—or who always forget their passwords—as all you need is a fingerprint or iris scan. Plus, password-free methods are much more secure than traditional passwords since they cannot be guessed or brute-forced. 

Who is winning the race?

So far, Microsoft has been the most aggressive company in embracing passwordless authentication. The company recently announced that its Azure Active Directory service would soon support passwordless sign-ins for Microsoft accounts. 

Google has also been looking to adopt passwordless methods for a while. In January 2021, the tech company announced that Chromebooks would be getting new features that will allow users to sign in to devices and websites faster and personalize their lock screens. Users can sign in to websites with Google’s Web Authentication, called WebAuth, with their fingerprint (if their devices come with a fingerprint scanner) or a device login PIN rather than a site-specific password. Websites that support WebAuth will notify you if it’s an option before you enter your login information. 

Potential drawback of passwordless login method

Despite the convenience, there are a few drawbacks to using passwordless methods like the FIDO Alliance’s passkey system. Firstly, passwordless login is still in its infancy, so not all websites accept them as of yet. Secondly, according to Ralph Rodriguez, the President and Chief Product Officer at digital identity trust company Daon, passkeys are not as strong as other FIDO standards (e.g. voice, touch and face recognition). With financial institutions, passkeys can’t be used on transactions because they cannot verify a user’s identity, which is mandatory due to Know Your Customer (KYC) standards. Thus, passkeys can pose heightened risks of synthetic fraud. So, users may still have to rely on other methods (like passwords) for financial activities. 

Also read:

Header image courtesy of Pexels


Share on facebook
Share on twitter
Share on linkedin
Share on email


LinkedIn Launches Tools to Boost Job Seekers' Safety and Confidence

LinkedIn Launches Tools to Boost Job Seekers’ Safety and Confidence

Networking platform LinkedIn has introduced a range of tools to empower job seekers to confidently navigate their job search process while ensuring their safety and security. The latest updates include the implementation of verifications on job posts, enabling the display of verified information about job posters or their companies.

A Step-by-Step Guide

The Power of a Wikipedia Page for Your Business: A Step-by-Step Guide

The one thing that builds trust between your company and its potential customers is having its own Wikipedia page. It is the first thing that shows up when someone looks up your company (besides your website of course!) and gives potential customers all the information they might need about your business.

Top 5 Unique Pet Care Startups to Watch

From Diagnostics to Play Dates: Top 5 Unique Pet Care Startups to Watch

All pet owners out there understand the feeling of wanting to do whatever it takes to make their furry companions’ lives just a little bit more comfortable. It is perhaps that exact feeling that has made the average pet owner spend over US$1,300 on pet care a year. According to a 2021 survey conducted by the market research firm OnePoll, 52% of Americans spend more on their pets than they do on themselves each year.

Course5 Intelligence Gains US$55 Million Funding Boost

Course5 Intelligence Gains US$55 Million Funding Boost; Closes First Round Successfully with 360 ONE Asset’s Tech Fund

Analytics and artificial intelligence (AI) solutions company Course5 Intelligence has recently announced its plans to raise a funding round of USD 55 million. The initial closing of the funding round was achieved through the participation of 360 ONE Asset Management Limited’s Tech Fund, which specializes in investing in promising technology companies. Leading the round, 360 ONE Asset invested US$28 million in Course5.

How to Find Your Company’s North Star Metric to Ensure Success

How to Find Your Company’s North Star Metric to Ensure Success

In the world of business, having a singular goal to focus on can be the key to success. That’s where the North Star Metric (NSM) comes in. Coined by startup investor Sean Ellis, the NSM is the measure of the value a company is delivering to its customers and is used as a means to predict the growth of the business.