Big Tech Companies Want to Kill Passwords on Password Day
Fed up with typing in passwords? Well, you’re not alone, and neither will you be alone in being excited to hear that Apple, Google and Microsoft have just made a joint announcement on pushing forward with the wider availability of passwordless logins in a major way.
This news comes, rather pointedly, on Password Day, with the tech triumvirate desiring to see the back of having a bunch of passwords for websites, services and apps – and having to remember them all, or engage in unsecure practices like jotting them down – so plans have been revealed for a common standard to implement widely-used and convenient passwordless sign-ins, across all their platforms.
That standard – created by the FIDO Alliance and World Wide Web Consortium – is a big step on from what’s used for more secure logins, over and above a basic username and password, right now.
Namely the likes of two-factor authentication (2FA, which represents a second login step of a verification code texted to a smartphone for example) or the use of an app like a password manager.
All change
FIDO authentication already facilitates passwordless sign-in across some websites and apps, but the big difference here is about making the process not just more widely adopted, but more secure due to an end-to-end passwordless option.
What this means is that users will no longer have to sign-in for the initial login across every website or app, on every individual device, to enable passwordless access in the first place. Instead, people will simply login by unlocking their phone – via whatever method they normally employ, like a fingerprint reader for example, or PIN – and that’ll automatically unlock the account.
Example
So, say you’re logging in to a website on your PC, all you’ll need is to have your smartphone on you, and it’ll be possible to sign-in to the site on your computer’s browser by unlocking the phone – that’s all there is to it (the phone stores the FIDO ‘passkey’ used to access the account).
In short, you can forget all about passwords in this new online world being ushered in, and with supporting sites and services, all you’ll need is your phone and its login method.