Microsoft, Google and Apple Commit to a Passwordless Future
Since 2013, the first Thursday in May has been designated World Password Day -- a time to keep password best practices in mind.
However, this year, major tech companies are singing a different song: End the use of passwords completely.
In a show of solidarity, Microsoft, Google and Apple announced on Thursday a joint commitment to increase support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium (W3C). While many platform holders have been slowly rolling out passwordless authentication over the past few years, Thursday's announcement brings a new commitment to ensure that all major platforms will have a unified, secure way to log into their accounts.
Per the joint statement:
The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
For Apple, Google and Microsoft, committing to the standards presented by the FIDO Alliance and the W3C means that users can automatically access their FIDO sign-in credentials, or "passkey," on their devices without having to authenticate their accounts on new devices. It also makes signing into apps or Web sites with their FIDO authentication app OS- and platform-agnostic.
The idea is to make the login process both easier and more secure by authenticating through a mobile device, ditching the need to remember complex passwords, and only requiring the user device to hold on to the FIDO passkey, that will only authenticate when the phone is unlocked.
Thursday's joint commitment also comes with a guarantee to have these passwordless authentication standards fully integrated into the three companies' platforms over the next year.
"Just as we design our products to be intuitive and capable, we also design them to be private and secure," said Kurt Knight, Apple's senior director of platform product marketing. "Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience -- all with the goal of keeping users' personal information safe.
In a blog post commemorating World Password Day, Microsoft's Vasu Jakkal, corporate vice president of security, compliance, identity and management, said that traditional passwords are standing in the way of security. "Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers," said Jakkal. "In fact, there are 921 password attacks every second -- nearly doubling in frequency over the past 12 months."
Jakkal pointed to the alliance and commitment to the FIDO common authentication standard as a "new era of authentication" that will create a more secure landscape for everyone by avoiding the pitfalls that come with traditional passwords.