On May 5th, World Password Day, we may have taken another step toward making passwords obsolete.

Apple, Google, and Microsoft said on Thursday morning that in the coming year, they will create support for passwordless sign-in across all of their mobile, desktop, and browser platforms. Passwordless authentication will be available in the near future on all major device platforms, including Android and iOS mobile operating systems, Chrome, Edge, and Safari browsers, and Windows and macOS desktop environments.

“We build our devices to be private and safe just as we design them to be intuitive and capable,” said Kurt Knight, Apple’s senior director of platform product marketing. “Our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe — is central to our commitment to working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords.”

According to Google, a passwordless login method will allow consumers to use their phones as the primary authentication mechanism for apps, websites, and other digital services. Unlocking the phone with the default action — entering a PIN, drawing a pattern, or using fingerprint unlock — will be enough to sign in to web services without ever having to enter a password, thanks to the use of a unique cryptographic token called a passkey shared between the phone and the website.

The notion is that by making logins dependent on a physical device, users will benefit from both ease and security. There will be no need to remember login data across services or risk security by reusing the same password in many locations if you don’t have a password. Similarly, because signing in requires access to a physical device, a passwordless system will make it much more difficult for hackers to remotely compromise login details; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much more difficult to mount.

Microsoft’s vice president of security, compliance, identity, and privacy, Vasu Jakkal, emphasized the degree of platform compatibility. “You can sign in to an app or service on practically any device with passkeys on your mobile device, regardless of the platform or browser the device is running,” Jakkal said in an emailed statement. “For example, on a Google Chrome browser operating on Microsoft Windows, users can sign in using a passkey on an Apple device.”

The cross-platform feature is enabled via the FIDO standard, which uses public key cryptography principles to provide passwordless login and multi-factor authentication in a variety of situations. When a user’s phone is unlocked, it can store a unique FIDO-compliant passkey and share it with a website for authentication. Passkeys may also be simply synchronized to a new device from cloud backup in the event that a phone is misplaced, according to Google’s website.

According to Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance, the new procedures will eliminate the initial password requirement.

“This expanded FIDO support released today will enable websites to create an end-to-end passwordless experience with phishing-resistant security for the first time,” Srinivas said. “This includes both the first and subsequent logins to a website. We’ll finally have the internet platform for a truly passwordless future when passkey support becomes available across the industry in 2022 and 2023.”

Apple, Google, and Microsoft have all stated that the new sign-in capabilities will be accessible across platforms in the coming year, though no precise timeline has been given. Despite the fact that the plot to murder the password has been ongoing for years, there are indicators that it may have finally succeeded this time.

LEAVE A REPLY

Please enter your comment!
Please enter your name here