Today is World Password Day and to celebrate Apple,Google, and Microsoft are launching a “joint effort” to kill the password. The vendors want to “expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.”
It is set to be called either “multi-device FIDO credential” or just a “passkey.” Instead of a long string of characters, this new idea would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, and authenticate with some kind of pin or biometric. This sounds like a familiar system for anyone with phone-based two-factor authentication setup, but this is a replacement for the password rather than an additional factor.
This idea is similar to how a password manager can unify your logins under a single password, your passkeys can be backed up by some big platform-holder like Apple or Google. This allows you to bring your credentials to a new device, prevent you from losing them, and make it easy to sync passkeys across devices. If you lose your device, you can still recover your accounts by signing in to your big platform-holder account. It may also be a good idea to have more than one device set up as an authenticator.
To us this sounds like a great idea! I don’t know about you but we aren’t great at memorizing long, random strings of characters. It’s always too tempting to write down passwords or reuse them, and phishing schemes try to trick you into giving your password to a third party. When a security breach happens, username and password pairs are easy to share, and there are huge databases of compromised credentials out there.
According to the The FIDO blog post: “These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.” Apple, which seems to have started the whole “passkey” trend, already has a system up and running in iOS 15 and macOS Monterey, but it’s not compatible with other platforms yet. Google’s passkey support has already been spotted in Play Services on Android, so it should quickly be supported by even older Android devices as soon as it’s ready.
A plot to “kill the password” has been underway for years. So far, Apple, Google, and Microsoft have all said that they expect the new sign-in capabilities to become available across platforms in the next year, although a more specific roadmap has not been announced.
Want more breaking news? Subscribe to our Tech Tips for the latest updates in the tech world and tricks to help you stay secure while online!