“Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services,” says the FIDO Alliance. In a step toward doing away with passwords, Apple, Google, and Microsoft have announced plans to support a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. This will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
Terence Gomes, country head – security, Microsoft India, adds, “Although we’re at a greater risk of security breaches than ever before, people aren’t always successful at setting up strong passwords. While issues such as forgetting one’s password or reusing the same password for multiple accounts remain, we also need to acknowledge the inefficiency and vulnerability of passwords in general. Nation-state actors and cybercriminals have now become too advanced for traditional security measures, and to combat these threats, users also need to upgrade.”
The phone will store a FIDO credential called a passkey, which will be used to unlock the user’s online account. The passkey is based on public-key cryptography and is considered more secure. It is only shown to the user’s online account when they unlock the phone.
To sign in to a website on a computer, the user will need to have their phone nearby and will be prompted to unlock it for access. After this, the user will not require the phone again and can sign in by unlocking the computer. If the phone is misplaced, the passkeys will securely sync to the new phone from cloud backup.
A passwordless future has been in the making for quite some time now
The passwordless authentication market size is estimated to reach USD 53.64 billion by 2030, as per a report. The tech leaders have been on a passwordless journey for quite some time now.
In the early part of 2021, Microsoft announced that passwordless sign-in was generally available for commercial users. Later that year, the tech giant announced that users could completely remove the password from their Microsoft account. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to the phone or mail, one can access apps and services such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, etc.
Last year in May, Google asked users who have enrolled in two-step verification (2SV) to confirm it’s really them with a tap through a Google prompt on their phone whenever they sign in. Google said that it was also building advanced security technologies into devices that will make multi-factor authentication seamless and more secure than passwords.
Google added that its Password Manager, built directly into Chrome, Android and iOS, uses the latest security technology to protect the user’s passwords across the different sites or apps they use. When the user goes to a site or signs in to an app while logged into their Google Account, Password Manager can automatically populate the user’s secure password.
Last year in a presentation, Apple revealed that its iOS 15 and macOS Monterey would preview a feature called “Passkeys in iCloud Keychain” to try to replace passwords with a “more” secure login process.
Big names in tech have realised that proactive steps have to be taken to move towards a more secure way of logging in to billions of devices around the world. A passwordless future is surely quite near.