The era of passwords is coming to an end. Microsoft, Google, and Apple will implement passwordless sign-in across all of their OS and browser platforms within the year (1).
“Apple, Google, and Microsoft have announced intentions to increase support for a common passwordless sign-in standard established by the FIDO Alliance and the World Wide Web Consortium to make the web safer and useable for everyone,” stated a press release by Apple Newsroom published on 5th May.
The new feature will enable websites and apps to provide consumers with consistent, safe, and easy passwordless sign-ins across devices and platforms.
The Need for Passwordless Standard Support
Password-only authentication is one of the major security issues on the internet, and managing so many passwords is inconvenient for users. It often leads people to reuse the same passwords across several digital websites and services (2).
Web portals and apps will be able to offer an end-to-end passwordless alternative thanks to the improved standards-based capabilities. Users will sign in using the same method to unlock their devices daily, such as a simple fingerprint, facial verification, or device PIN.
Compared to passwords and traditional multi-factor technologies like one-time passcodes delivered through SMS, this new approach protects against phishing and makes sign-in significantly more secure.
“We build our devices to be private and safe just as we design them to be intuitive and capable,” said Kurt Knight, Apple’s senior director of platform product marketing (3). “Our commitment to offering products that provide maximum security and a transparent user experience — all to keep users’ personal information safe — is central to our commitment to working with the industry to establish a more secure sign-in method that eliminates the vulnerabilities of passwords.”
Easy and Secure Login
According to Google (4), a passwordless login method will allow consumers to use their phones as the primary authentication mechanism for apps, websites, and other digital services.
Unlocking the phone with the default action — entering a PIN, drawing a pattern, or using fingerprint unlock — will be enough to sign in to web services without entering a password. Thanks to using a unique cryptographic token called a passkey shared between the device and the website.
By making logins dependent on a physical device, users will benefit from ease and security. It will remove the need to remember login details across services or risk security by reusing the same password on several different platforms.
In short, users will no longer have to memorize multiple login credentials or go through lengthy password recovery procedures. Google promises that passkeys will automatically sync to a new device via a cloud backup if users lose their phone.
Similarly, because signing in requires access to a physical device, a passwordless system will make it more challenging for hackers to compromise login details remotely. Theoretically, phishing attacks where users are directed to a fake website for password capture will also become more difficult to mount.
Microsoft’s vice president of security, compliance, identity, and privacy, Vasu Jakkal, underlined the degree of platform compatibility (5). “You can sign in to an app or service on practically any device with passkeys on your mobile device, regardless of the platform or browser the device is running,” Jakkal said in an emailed statement.
“For example, users can sign in using a passkey on an Apple device on a Google Chrome browser operating on Microsoft Windows.”
Apple, Google, and Microsoft have stated that the new sign-in capabilities will be accessible across platforms in the coming year, though no precise timeline has been given. More information will be revealed during the company’s developer conference later this month.
Although the plot to kill the password has been ongoing for years (6), recent developments are indicators that it may have finally succeeded this time.
Digital logins linked to a physical device will make seamless online access more tangible in our daily lives.
Fully biometric authentication could be the eventual goal (7). While this might make it easier to navigate digital places, it is unclear how comfortable people will be with the change.
Nonetheless, we are looking at it as an important step toward creating connected digital identities based on biometric-enabled devices.