Passwords have been around for ages (“what’s the magic word?”) and were first introduced on computers back in the 60s. But industry leaders are paving the way for a password-free (or password-limited) future.
This week, Apple, Google, and Microsoft announced plans to collaborate on a common sign-in standard created by the World Wide Web Consortium and FIDO Alliance, an organization that launched in February 2013. FIDO’s stated mission is to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords.” According to FIDO, passwords, which people often re-use, are behind more than 80 percent of data breaches.
When you access a slew of password-protected accounts every single day, it’s impractical to memorize unique codes for each one. Oops, was this the one I changed because of a data breach? Did I include a special character in this one or not? Was this password set by a past employee who quit a decade ago? Password-only authentication is both a headache and, according to the three tech giants, “one of the biggest security problems on the web.”
Out with the old —
In a joint press release, the companies explained that they are working to offer an end-to-end passwordless option. Users will sign in “through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.” The biometric sign-in options are smoother than memorizing gnarly codes and don’t have the same vulnerability to SIM-swapping hacks that two-factor authentication can enable — remember the teens who hacked high profile Twitter accounts?
The companies say that the new standards will give websites and apps the ability to offer “an end-to-end passwordless option.” Users would be able to sign in with familiar methods like a quick scan of their face or their fingerprint. Imagine if setting up Face ID enabled your Pixel phone to use that same facial data, for example.
Most people don’t use password managers. Microsoft removed the obligation to use passwords for Microsoft accounts in fall 2021. That could soon be the future for just about every tech device on the market.