The world’s largest and most influential technology companies have come together to support the adoption of passwordless sign-ins, doing away with conventional passcodes.
With an average of ten online accounts each, we hold significant amounts of private and sensitive data in the digital sphere.
Our bank accounts, personal communications, work emails, addresses, and identity documents are often stored in digital accounts accessible by password. The problem is that most of us are not creative when it comes to choosing a password. An ExpressVPN analysis shows that many of us use overly simple passwords like our names, dates of birth, or even worse, just ‘password’ or ‘123456’. This makes it very easy for accounts to be breached.
But instead of trying to get people to tighten their passwords, Google, Apple, and Microsoft have announced that they are keen to do away with them completely. In a recent press release, the companies committed to expanding their support for the FIDO standard, which does away with user-chosen passwords.
The FIDO protocol, as it is known, uses public-key cryptography to offer a higher level of security to users. When a consumer registers with an online service, the integration with FIDO facilitates the creation of a new key pair with the user’s device. The private key is stored on the device and is only accessible to the online service when the user authorizes it. The protocol was developed by FIDO along with W3C and hundreds of other tech stakeholders in the industry.
The three companies noted that additional steps such as two-factor authentication and password managers do offer more protection than just a regular password, but issues still remain. This is why they have thrown their weight behind the new protocol. In the announcement, they noted they have been working hard to develop the protocol and system further to be more secure and more user-friendly.
Users will simply use their mobile devices to access the new passkey. These devices should be unlocked using a fingerprint, a device PIN, or facial recognition. From there, the device will sync with the site that is being opened, presenting the passkey for authentication. Should the user lose their device or even break it, they can still get access to their accounts. All data, including the passkey, is saved in the cloud and can be synced with a replacement device, restoring access once again.
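The registration and sign-in flow described above, as an added example that is not part of the original article or of any FIDO library: a simplified Node.js model in which the device keeps the private key, the service stores only the public key, and the device signs a one-time challenge after the user unlocks it. The class names, the `shop.example` origin and the challenge format are assumptions; real FIDO/WebAuthn messages carry more fields.

```javascript
// Simplified model, not the WebAuthn wire format; all names are hypothetical.
const nodeCrypto = require('crypto');

// The user's device: creates one key pair per site and keeps the private key.
class Device {
  constructor() { this.keys = new Map(); } // origin -> private key
  register(origin) {
    const pair = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, pair.privateKey);
    return pair.publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Signs only after local unlock (fingerprint, PIN or face), modelled as a flag.
  sign(origin, challenge, userUnlocked) {
    const key = this.keys.get(origin);
    if (!key || !userUnlocked) return null;
    return nodeCrypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), key);
  }
}

// The online service: stores public keys only, so it holds no password.
class Service {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Set(); }
  enroll(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(user, challenge, signature) {
    // Each challenge is accepted once, so a captured response cannot be reused.
    if (!signature || !this.pending.delete(challenge)) return false;
    const pem = this.users.get(user);
    if (!pem) return false;
    return nodeCrypto.verify('sha256', Buffer.from(`${this.origin}|${challenge}`), pem, signature);
  }
}

function demo() {
  const device = new Device();
  const site = new Service('https://shop.example'); // constructed sample origin
  site.enroll('alice', device.register(site.origin));
  const c1 = site.newChallenge();
  const sig = device.sign(site.origin, c1, true);
  const signIn = site.verify('alice', c1, sig);  // fresh challenge, valid signature
  const replay = site.verify('alice', c1, sig);  // same response sent a second time
  const locked = device.sign(site.origin, site.newChallenge(), false); // no unlock
  return { signIn, replay, refusedWhileLocked: locked === null };
}
console.log(demo());
```

The service's stored data in this model is a public key per user, so a copy of that store does not let anyone sign in as the user.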
Forward-thinking for the future
Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency, spoke out in favor of the new technology. She said it will keep the private sector and members of the public safer and is the kind of forward-thinking that is needed in today’s digital age.
Over at Microsoft, Alex Simons, the Corporate Vice President of Identity Program Management, said, “The complete shift to a passwordless world will begin with consumers making it a natural part of their lives.” He added that this solution is quicker, easier, and more effective, which should mean easy adoption by the public.
It seems that tech companies have realized they are fighting a losing battle by trying to get users to pick better passwords. Instead, it seems the solution lies with doing away with them completely and replacing them with a more efficient and secure method.