TechScape: Apple, Google and Microsoft to make passwords a thing of the past | Technology

What if you never had to enter a password again? Imagine it. An international holiday. Children dance in the street. Soldiers lay down their arms and embrace each other, weeping, across the battlefield.


Or at least a slight improvement in your daily life. That’s what Apple, Google and Microsoft are offering, with a pretty rare triple announcement that the three tech giants are all adopting the Fido standard and ushering in a passwordless future. The standard replaces usernames and passwords with “passkeys”, credentials that are stored directly on your device and uploaded to the website only when paired with biometric authentication such as a selfie or fingerprint. From Apple’s announcement:

Users log in using the same action they perform multiple times a day to unlock their devices, such as a simple fingerprint or face verification, or a device PIN. This new approach protects against phishing and login will be radically more secure compared to passwords and older multi-factor technologies such as one-time passcodes sent via SMS.

The three companies will roll out Fido support “over the course of the next year.” The Fido2 standard is actually already public and some companies already support it, largely for internal authentication. But the standard has long been missing the last step necessary for ubiquity: making it easy to get started.

That’s what this latest announcement is about. With the help of the platform owners, users can sync their Fido “passkeys” without having to log in again on each new device. That takes it from a service that is a nice addition to passwords to one that can replace them completely.

Ease of use is only part of the reason for the switch. Passkeys, secured with biometric identification on your phone, are faster than entering passwords manually, but if you use a password manager (and you must use a password manager) you can already enter passwords and log in to most websites with the tap of a (fingerprint-sensing) button.

But the bigger reason is that passwords are worthless. They are worthless because of the way they are used in practice: people create short, easy-to-guess passwords and then reuse them on the Internet. For many users, the more important a website is, the more likely it is that the password will be short and easy to guess. times a day.

And the ways we’ve tried to solve passwords… are worthless, too. Requirements to complicate passwords, in an effort to make them harder to brute-force, are notoriously annoying and often fail to secure the outcome they are aiming for: if “P@ssword1” is a valid password, but “doubloon prorogue tunnel” (to give a passphrase just randomly generated by my password manager) isn’t, you have just reduced the security of someone’s account.

Two-factor authentication, which asks you to associate a second “factor” with your account — such as a phone number that gets texted or another device you use to approve the login — has its own problems. The most popular forms of two-factor authentication all involve the use of one-time passcodes, either texted to you or generated by an app on your phone or computer. And those one-time passcodes are just as susceptible to phishing as a conventional password, albeit with a shorter expiration date if successfully stolen.

And so, when the Fido thing takes off, the world should become a little safer, a little less frustrating, and a little smoother to move through.

What will it look like for you? In practice it probably won’t be that different. One day you’ll create an account on a website and it will just… not ask for a password. You may not even notice it happening. But don’t worry: the children are dancing in the street anyway.
