Friday, May 06, 2022, 17:13 Software

The End Of Passwords? Apple, Microsoft, & Google Are All Going Passwordless

Just two years ago, Apple joined the Fast Identity Online (Fido) Alliance, thus solidifying the company's commitment to a future where passwords are unnecessary. Now, Apple, Microsoft, and Google have come together and announced their commitment in cooperating towards a passwordless future. One of the main arguments behind the initiative is that passwords represent a massive security risk. Although passwords do theoretically provide a rather effective manner of protecting one's own data, the manner in which many users seem to go about the whole process represents a massive security risk. Additionally, the need for entire service departments intended to help users combat identity theft, account theft, or unauthorized purchases represents a huge waste of resources for these companies. If users are simply too lazy to create proper, protective passwords, given the data – the move makes perfect sense.

Are Other Measures Possible?
It doesn't matter how many times people are advised against using the same password on multiple platforms and not to use easy to guess chains of letters or numbers – many users still do so anyway. Even for the users who create proper passwords, they can't necessarily be blamed all the time for cycling the same or similar iteration of a password with a few different sites. Sometimes, there are simply too many passwords to keep track of, but if a breach occurs at one company and such a user's password is revealed – it's a big problem.



More Comfort & More Security Required
Instead of passwords, there needs to be a comfortable, yet reasonably safe way for users to access their data – according to Fido. One important way could be PIN codes similar to those found on smartphones in addition to biometric identification. This already exists on Windows to a degree, users can log into newer Windows machines with either a finger print or a code, albeit a password is still necessary for some system features and the two alternatives (PIN or biometric identification) are not used in tandem and are only for bypassing the lock screen. The hardware is there and most machines on the market are capable of it, however, many websites and services still leave lots to wish for and have thus far failed to take advantage of these opportunities. They're not necessarily to blame though either, it would be very complicated to implement these features in the manner that they would need to. Another important aspect to keep in mind is that the new identification process shouldn't cause more work for users, it should simply combine protection with a proven process.

Passkey & WebAuthn Standard
At the WWDC in 2021, Apple presented the Passkey function for its Keychain service – the company also showed how it could be used to perform WebAuthn standard logins without a password. However, the interface wasn't available for use until the releases macOS 12.3 and iOS 15.4 and only works with web apps currently. Neither Apple, Google, nor Microsoft have mentioned any further ideas in their statement – however, they have emphasized the need for companies, services, and customers to distance themselves from passwords, especially on the web. After the release of Passkey last year, it's very likely that we'll see something else in a similar direction this year at the WWDC next month.

More articles you might enjoy to read: