Your passwords suck so hard that Google, Apple, & Microsoft are getting rid of them
In a joint effort to combat cyberattacks and online fraud, Google, Apple, and Microsoft joined an alliance for the FIDO standard to bring the passwordless future closer to all of the devices that we use throughout the day. All three technology giants announced their commitment to expand support for a “common passwordless sign-in standard that is created by the FIDO Alliance and the World Wide Web Consortium.” In related news, we recently covered how you can delete your personal data from Google and reclaim your privacy.
In the press release, FIDO says that the “new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.”
Password-only authentication is old, and as we’ve all known for years, it’s not easy to come up with hard-to-guess words and phrases that also include special characters, numbers, capital letters, and so on. It’s always been a problem, and many people, including myself many years ago, reused passwords, which made it easy for hackers to take over accounts and steal private and confidential information.
Password managers came to the rescue a few years ago. They offered an easy way for people to store, generate, and use their passwords across different platforms, and Google, Microsoft, and Apple all built their own password managers into their operating systems and web browsers. This helped, but it was still often cumbersome and inconvenient, as the passwords had to be copied, manually entered, and changed.
The new proposed standard changes that, and allows users to effortlessly log in to their accounts without needing to type a single character on their devices. Users will now be offered a passwordless sign-in option on supported platforms, applications, and websites. The new login method will ask users to enter a PIN and scan their fingerprint or face, much like how easily and effortlessly you can unlock a modern smartphone today.
The new approach will be drastically different, but if you’ve ever unlocked a phone with a PIN, fingerprint, or face unlocking technology, you already know that it takes less than 5 minutes to set up, and it’s convenient, safe, and easy to use. Those using 2FA (two-factor authentication) – you really should be using it – are already aware that the newly announced sign-in method is nearly identical to signing in to a Google, Microsoft, or Apple account today. Users will receive a pop-up window or a message on their already registered and authenticated devices to log in on other new devices, making the login process seamless and quick.
The passwordless future looks bright and convenient
Google says that when you sign into a website or an app on your phone, you will simply unlock your phone, and you’ll no longer have to enter a password. Each and every device will store a FIDO credential called a passkey, which will be used to authenticate the online account. “The passkey makes signing in far more secure, as it’s based on public-key cryptography and is only shown to your online account when you unlock your phone.”
Google also says that once the device is unlocked and access is given, the user won’t have to grab their phone again, and they can just sign in by unlocking the computer. Google also reassures us that even if we lose our devices, the passkeys will be securely synced to the phone from the cloud backup, allowing us to pick up where we left off.
The new passwordless capabilities are expected to become available across Apple, Google, and Microsoft platforms “over the course of the coming year.” Sadly, this doesn’t tell us much, but at least we have a rough idea of when we can expect the new technology to change our lives for the better, and finally forget about the hard-to-remember passwords.
In other but related news, Google also allows users to change their passwords automatically (via XDA). Max Weinbach found that Google is starting to offer to change compromised passwords automatically with the help of Google Assistant. Once permission is given, Google Assistant will go ahead and change the compromised passwords, generate new ones, and update the existing ones that have been flagged.
We’re glad to see the alliance and the three large tech companies join. Hopefully, signing in to our favorite apps, websites, and other services will be simpler and more straightforward in the near future as more developers and companies adopt the new standard.