Did you know May 5th was World Password Day? On this special day, we came closer to making passwords a thing of the past. In a joint statement, three tech giants, Google, Microsoft, and Apple, have announced that they have committed to building support for password-less sign-in across all mobile, desktop, and browser platforms they control in the coming year.
Kurt Knight, senior director of platform
product marketing at Apple, stated, “Just as we design our products to be
intuitive and capable, we also design them to be private and secure. Working
with the industry to establish new, more secure sign-in methods that offer
better protection and eliminate the vulnerabilities of passwords is central to
our commitment to building products that offer maximum security and a
transparent user experience — all with the goal of keeping users’ personal
information safe.”
The three tech giants are offering support
to FIDO Alliance for the same. For those who are unaware, the FIDO Alliance is
an industry group that helps standardize authentication methods online. Read
more about it here.
How it Works?
Most smartphone owners would already have
figured out how this would work. Instead of asking you to input a password,
websites will push a notification to your smartphone to verify your identity.
You just need to unlock your phone to verify it’s you. You can also use one of
the other existing devices you own by sending the unlock request to that device
using Bluetooth.
The Compatibility
Vasu Jakkal, Microsoft’s vice president for
security, compliance, identity, and privacy, emphasized the degree of
compatibility across platforms by stating, “With passkeys on your mobile
device, you’re able to sign in to an app or service on nearly any device,
regardless of the platform or browser the device is running. For example, users
can sign in on a Google Chrome browser that’s running on Microsoft
Windows—using a passkey on an Apple device.”
End to End Password-Less Experience
Sampath Srinivas, product management
director for secure authentication at Google and president of the FIDO
Alliance, said, “This extended FIDO support being announced today will make it
possible for websites to implement, for the first time, an end-to-end
passwordless experience with phishing-resistant security. This includes both
the first sign-in to a website and repeat logins. When passkey support becomes
available across the industry in 2022 and 2023, we’ll finally have the internet
platform for a truly passwordless future.”
The Change
Though several websites and apps allow you
to pick the biometric option, it is available only if you have an existing
account with a password. FIDO’s system would allow you to use the biometric
option from the start with no need for a password to create the account.
Please note that the new passkey system
won’t replace two-factor authentication it will only replace the password in a
standard authentication flow.
Possible Resistance
It is possible that some people who are
used to the passwords might not easily switch to the password-less method. They
might even resist the
change. Tech giants would have to find a solution to this problem as well.
Sources:
https://www.wired.com/story/fido-alliance-passwordless-login-browser-support/
https://techilive.in/apple-google-and-microsoft-team-up-to-vanquish-the-password/
https://www.theverge.com/2022/5/5/23057646/apple-google-microsoft-passwordless-sign-in-fido