On World Password Day — May 5 — the three big tech companies resolved to ditch passwords entirely. Google, Apple, and Microsoft have come together to announce a commitment to building support for a passwordless era where you will no longer have to enter passwords on your mobile, desktop, and browser devices. In other words, the three companies are working towards bringing passwordless authentication to all major device platforms, such as Android, iOS, Windows, ChromeOS, Chrome browser, Edge, Safari, and macOS, among others.
Apple’s senior director of platform product marketing, Kurt Knight said, “Just as we design our products to be intuitive and capable, we also design them to be private and secure.” Google’s PM Director of Secure Authentication at Google and President of FIDO Alliance, Sampath Srinivas, in a blog post, said, “The passkey will bring us much closer to the passwordless future we’ve been mapping out for over a decade.” Vasu Jakkal, Microsoft’s Corporate Vice President for Security, Compliance, Identity, and Management, wrote in a post, “Microsoft, Apple, and Google have announced plans to expand support for a common passwordless sign-in standard.”
Signing in to your online account will be as easy as unlocking your phone with the passwordless authentication that is being collectively built by the three tech companies. For instance, you set either a password, a pin, or a pattern to unlock your phone and keep using it every time you have to unlock your device. A similar process will be enough to let you in to your online accounts. You will not be required to enter a password. A unique cryptographic token aka a FIDO (Fast ID Online) credential called a passkey will authenticate your sign-in between your mobile and the website.
Since signing in to websites and apps will require authentication from a physical device, users will benefit in two ways. First, they would not have to memorise passwords for each service. And even if someone is good at remembering passwords, they are probably using the same password for multiple accounts — giving hackers leverage over all those accounts if one of them is compromised. That practice will also go away if there are no passwords. Second, a passwordless system makes it much more difficult for hackers to get into an account by compromising login details.
The passwordless authentication system will be rolled out next year to all users of Apple, Google, and Microsoft. They will be able to use apps like Google Authenticator and Microsoft Authenticator to sign in to any account, no matter if it is Gmail or Outlook. The authenticator apps, as well as passwordless authentication, will work on the FIDO standard that uses public-key cryptography to allow hardware-enabled logins. Google said the passkeys can be synced to a new device through cloud backup in case a phone is lost.