May 5th is the "World Password Day." And Apple, Google, and Microsoft have agreed on something.
Together, the three tech titans announced that they are going one step closer on creating a passwordless sign-ins on all platforms they control.
In an attempt to make passwords a thing of the past, the three companies plan to use FIDO passkey technology across all of their mobile, desktop, and browser.
The joint effort means that passwordless authentication should be available an all major device platforms: on Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop environments.
"Just as we design our products to be intuitive and capable, we also design them to be private and secure," said Kurt Knight, senior director of platform product marketing at Apple, in a newsroom post.
"Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe."
Apple joined FIDO in 2020.
Essentially, a passwordless login process allows users to use their phones as the main authentication device for apps, websites, and other digital services, as explained by Google in a blog post.
When users use their phones to authenticate, all they need to do is enter their biometric scans (such as your face or finger), enter a PIN, a password, or draw a pattern.
Using this passwordless method, users should be able to sign in to web-based services without the need to ever enter a password.
This is possible through the use of a unique cryptographic token called a passkey that is generated and shared between users' phone and the web-based service users are trying to use.
Without sacrificing security, passwordless sign-ins should benefit from simplicity.
Without a password, users are no longer required to remember credentials across services, or risk having their accounts compromised because of using the same password in multiple places, or risk their credentials leaked by hackers.
As a matter of fact, passwordless sign-ins can actually make things more secure, because it can make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device. What's more, the approach should also render phishing attacks obsolete, simply because there is no passwords to steal anymore.
Read: Tips In Creating A Strong Password That's Hard To Guess But Easy To Remember
"With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running," explained Vasu Jakkal, Microsoft’s vice president for security, compliance, identity, and privacy, emphasizing the degree of compatibility across platforms, in a blog post.
"For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device."
FIDO, the technology all three companies agree to use, uses the principles of public key cryptography to enable passwordless authentication and multi-factor authentication in a range of contexts.
While many popular apps have started supporting FIDO authentication, all of them require the use of a password before FIDO can ever be configured.
With Apple, Google, and Microsoft agreeing to use FIDO for passwordless sign-ins, this should be a thing of the past.
"This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security,” said Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance.
"This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we’ll finally have the internet platform for a truly passwordless future."