Big Tech has a plan to finally end passwords once and for all - The UpStream

Hero Image

Big Tech has a plan to finally end passwords once and for all

posted Monday May 9, 2022 by Scott Ertz

Passwords are terrible, I think we can all agree. Every site has its own rules for what does and does not constitute a valid password, making it nearly impossible to create something that works regularly. Then, some sites require that you change your password regularly, ensuring that you'll never remember your password. Some of us write it down somewhere, but that creates a new mess - is it the current one? What is this password even for? You can use a password manager, but there's got to be a better way. Apple, Google, and Microsoft believe they have that better way.

What's coming

This week, Apple, Google, and Microsoft all announced that they will formally support a password-less future powered by the standard created and managed by the FIDO Alliance (Fast IDentity Online). This standard allows for locking services and devices behind a fingerprint, facial print, or PIN. The capabilities are not new for the companies, but working together through this standard means interoperability of services, and ease of implementation for developers.

The FIDO standard will allow users to sign in to a service on one device using the face or fingerprint capabilities built into another device. So, imagine that you're sitting at your Windows 11 laptop that has no fingerprint reader or facial recognition capable webcam. You're trying to sign in to eBay on the laptop using Google Chrome and the service asks you to authenticate. Rather than entering an email address and password, you grab your Apple iPhone and authenticate yourself via Face ID. Once you do, your laptop signs into eBay in Chrome. This is what we can expect once the standard is implemented across the ecosystems.

For enterprises and businesses, this change will reduce most if not all phishing attempts, as the attacker will not be able to track the victim's keystrokes or steal a password. Organizations of various sizes have been plagued by these types of attacks for years, with the growth rate going nuts over the past few years.

For individuals, this move will make life a lot easier. So many consumers have services that they do not know the password for. The service stays signed in for months at a time, but when something changes, such as an app update, it requires you to sign back in. Then you have to figure out the password rules for the service and likely reset the password at the end. Being able to bypass all of that with a password-less option will make life far easier for everyone.

The current offerings

Of course, this is not a new set of features for any of the companies to support. The big difference is that currently everything is built into a single ecosystem, and usually only on-device. Yes, you can use your Apple Watch to authenticate into your iPhone, but that's a very different situation.

Apple

Apple offered Touch ID on devices dating back years and switched to Face ID when the Home Button was retired with the iPhone X. Developers had access to both of these features, allowing banks and more to lock their apps behind a non-password lock. But, if you switched devices or platforms, you had to start over.

Google

Google has offered a similar feature on Android. You can use facial or fingerprint identification to unlock your phone, use Google Pay, or sign in to your bank. But, like Apple, once you change devices or platforms, you're back at square one.

Microsoft

Windows Hello has been offered on Windows for years, but not all hardware supports it. Your laptop's webcam might not support facial identification, and your device likely doesn't have a fingerprint scanner (most do not). You can add external capabilities through hardware like a Yubikey, but that means another piece of hardware and another thing to go wrong. Plus, you must set it up on each device you own individually.

The response

Some have responded negatively to this change. Part of the response has been because they don't understand the way the system works. Fortunately, this is similar to how much of the password-based systems already work, but with a geographical fencing system added on top. And it means that you're not going to be forgetting password.

In addition, some are responding negatively because change is scary. We've all been there, of course. Rearranging the living room can cause emotional responses. Moving to a new city can cause anxiety. But, in the end, it can be a big positive change - not everything is life is bad.

In reality, this has a lot of potential to make everything more secure AND more convenient. It's unusual that new technology brings us both of those things, and this one can do it.

Advertisement

Login to CommentWhat You're Saying

Be the first to comment!

We're live now - Join us!
PLUGHITZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats