How Tech Giants Are Preparing for a Password-free Future.

How Tech Giants Are Preparing for a Password-free Future.

Say goodbye to your password and hello to a new era of security.

In recent years, it’s become abundantly clear that passwords are no longer the most secure form of authentication. According to Verizon’s Data Breach Investigations Report (DBIR) 2022, password security issues are responsible for 80% of data breaches worldwide. Despite their flaws, passwords are still the most commonly used form of authentication. Given the dangers of password theft, Google, Microsoft and Apple announced in May this year their plans to support a common passwordless sign-in standard created by the Fast IDentity Online (FIDO) Alliance and the World Wide Web Consortium. Let’s take a deeper dive into the mechanism of passwordless authentication and what plans the three tech giants have in place for a password-free future.

What is FIDO Alliance?

Launched in July 2012, the FIDO Alliance is an open industry association with a single focused mission—to develop and promote authentication standards that will help reduce the world’s over-reliance on passwords. FIDO standards allow you to use multiple forms of authentication including biometrics, voice and facial recognition, Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE) and smart cards.

How does passwordless authentication work?

In a passwordless authentication system, ‌users can select the primary device to log on to apps, websites and other services. For instance, you can sign in to your email account using the same method (e.g. fingerprint, PIN or face recognition) that you use to unlock your phone. Then, a one-of-a-kind FIDO sign-in credential or passkey will be generated and shared between your phone and the website. Thus, you don’t have to type in passwords every time you are signing on to web services.

This new approach is more secure than passwords and other legacy methods, like one-time passcodes sent over SMS. Passkey is much safer than signing in with a site-specific password since it’s based on public key cryptography and will only be visible to your online account after unlocking your device. The method employs cryptographic keys and stores credentials for several devices in the cloud.

What are Google, Apple and Microsoft’s plans to support passwordless authentication?

The latest announcement from these companies will allow users to opt into two new features: First, you’ll be able to use your passkeys to sign in to multiple devices, including new ones, without re-enrolling every account. Second, users can use FIDO authentication on their mobile devices to sign in to an app or website on a nearby device, regardless of whether it is running Apple or Android OS. 

Image courtesy of Google

For example, as per Vasu Jakkal, Microsoft’s vice president for security, compliance, identity and privacy, “Users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.” Apple, Google and Microsoft intend to make the new sign-in standards available across platforms next year.

This makes it much more convenient for users with multiple accounts and passwords—or who always forget their passwords—as all you need is a fingerprint or iris scan. Plus, password-free methods are much more secure than traditional passwords since they cannot be guessed or brute-forced. 

Who is winning the race?

So far, Microsoft has been the most aggressive company in embracing passwordless authentication. The company recently announced that its Azure Active Directory service would soon support passwordless sign-ins for Microsoft accounts. 

Google has also been looking to adopt passwordless methods for a while. In January 2021, the tech company announced that Chromebooks would be getting new features that will allow users to sign in to devices and websites faster and personalize their lock screens. Users can sign in to websites with Google’s Web Authentication, called WebAuth, with their fingerprint (if their devices come with a fingerprint scanner) or a device login PIN rather than a site-specific password. Websites that support WebAuth will notify you if it’s an option before you enter your login information. 

Potential drawback of passwordless login method

Despite the convenience, there are a few drawbacks to using passwordless methods like the FIDO Alliance’s passkey system. Firstly, passwordless login is still in its infancy, so not all websites accept them as of yet. Secondly, according to Ralph Rodriguez, the President and Chief Product Officer at digital identity trust company Daon, passkeys are not as strong as other FIDO standards (e.g. voice, touch and face recognition). With financial institutions, passkeys can’t be used on transactions because they cannot verify a user’s identity, which is mandatory due to Know Your Customer (KYC) standards. Thus, passkeys can pose heightened risks of synthetic fraud. So, users may still have to rely on other methods (like passwords) for financial activities. 

Also read:

Header image courtesy of Pexels

SHARE THIS STORY

Share on facebook
Share on twitter
Share on linkedin
Share on email

RELATED POSTS

GuideGeek Expands to Facebook Messenger to Offer Personalized Travel Tips

GuideGeek, Matador Network’s AI travel assistant powered by OpenAI, is now accessible to Facebook Messenger users, expanding its reach beyond WhatsApp and Instagram. This move aims to place GuideGeek in the hands of more travelers globally, offering instant, personalized travel tips at no cost.

Elon Musk’s Neuralink Debuts Brain Chip Implant: A Bold Future with Ethical Questions

Elon Musk’s Neuralink is back in the spotlight with a major update: they’ve put a brain chip, called the Link, into a human for the first time. This small device has set its sights on monumental goals, such as helping people who’ve lost their limb functionality. Musk’s big dream doesn’t stop there—he wants the chip to boost our brains, improve our memory and eventually blend the human mind with artificial intelligence (AI).

Mercedes-Benz Launches the New Luxurious CLE Cabriolet

Mercedes-Benz has launched the CLE Cabriolet, building on its heritage of creating four-seater convertible vehicles. This new addition is characterized by its expressive design, advanced technology, and high-quality features, ensuring an enhanced driving experience. The model, which evolves from the CLE Coupé, stands out with its traditional fabric acoustic soft top and distinct high-quality details, making it uniquely positioned in the market. Designed to offer dynamic performance alongside exceptional daily comfort, the CLE Cabriolet supports year-round open-air enjoyment.

4 Companies Reusing Coffee Husk for Eco-Friendly Innovations

A daily cup of coffee is more than just a morning ritual—it’s a powerhouse of energy and health benefits. Beyond keeping you alert, coffee supports brain health, maintains liver function and may even lower the risk of depression. However, the journey of coffee from plantation to mug involves an energy-intensive process that produces significant waste, particularly coffee husks.

Fort Worth Hosts New LG Electronics Facility for EV Charger Assembly

LG Electronics has initiated its first U.S. production facility for electric vehicle (EV) charging stations in Fort Worth, Texas, aiming to bolster the national EV charging infrastructure and generate employment opportunities. The facility’s inauguration was marked by an event attended by Fort Worth Mayor Mattie Parker and LG executives Alec Jang, H.K. Suh and Nicolas Min. This development is part of LG’s strategy to expand its presence in the EV charger market by providing high-quality charging solutions and services.