In a joint press release, Apple, Google and Microsoft announced that they are extending passwordless authentication options to all their platforms.
This joint effort is another important step toward eliminating the password, which remains a significant security risk today.
The password, the Achilles heel of the web
On Password Day 2022, Apple, Google, and Microsoft announced that they are continuing their efforts toward a password-free world. Password flaws have been known for a long time: passwords are often too weak, they are reused across several sites, and they can be compromised if the user falls victim to phishing. Although several solutions have been put in place to try to compensate for these weaknesses, such as two-factor authentication or password managers, none of them really did away with the password itself. Now the industry giants want to remove passwords from the authentication scheme completely.
To do so, they will rely on the standards of the FIDO Alliance, which let you sign in to applications or websites using one of your devices, often a smartphone. Although these standards are already supported by several popular applications, users still had to sign in at least once with a password before they could enable passwordless sign-in. Often, users were also still offered the option of signing in with their classic credentials, or of using them to recover access to their account. This approach left password weaknesses exploitable, and it will soon be a thing of the past.
A future without a password?
This announcement means that all major platforms will support passwordless authentication in the future: iOS, Android, Google Chrome, Safari, and Edge, not to mention the Windows and macOS operating systems. Users will be able to choose their phone as the primary authentication system for the sites and apps they use. To sign in, and even to register, all they have to do is unlock their smartphone with the method they have chosen. Their phone will contain a passkey, which will allow the website or app to authenticate them as soon as the device is unlocked. This way of signing in is based on public-key cryptography and is more secure, since it does without traditional credentials.
Extending FIDO standards support to all major platforms means that developers will no longer need to provide alternative ways to log in and can simply offer passwordless authentication at all times, both for creating an account and for future logins. Also, for the feature to work, users will not need to stay within a single platform.
Vasu Jakkal, Vice President at Microsoft, told The Verge that it will be possible, for example, to “connect to a Google Chrome browser running on Windows using a passkey on an Apple device”. As Google points out, there is no need to panic if you lose your phone: passkeys can be synchronized to your new phone thanks to cloud backups.
These enhancements to passwordless authentication capabilities are planned to be implemented on all major platforms in 2023.