For a lot of us, password security is the ultimate case of procrastination: We know we need to use stronger, unique passwords, yet all too often we end up booting the problem as a job for another day. Instead of trying to convince us for the 1,000th time that “123456” is not a safe password, Apple, Google and Microsoft have decided to try something different.
Today, the three tech giants have announced plans to work on a common sign-in standard created by the FIDO Alliance and World Wide Web Consortium. If all goes according to plan, the new system could do away with passwords entirely, allowing you to sign in to apps and websites in a more convenient way.
Andrew Brookes/Getty Images
In a joint press release, the companies explained that they are working to “offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.”
That includes fingerprint recognition, tools like Apple’s Face ID, or a device PIN. Biometric authentication in particular is a much safer way of securing accounts than using a password, with Apple estimating that Face ID only has a one-in-a-million chance of being fooled. That’s several orders of magnitude more secure than using “password123” to log in.
The tech companies highlight another benefit of the new system: Convenience. The FIDO standard lets users find their login credentials on their devices (including new ones) without needing to re-enroll each account. Along with that, you will be able to sign in on one device by using another nearby device — for example, you could use an iPhone to log into an account on your Windows PC — regardless of which operating system each device uses.
Say goodbye to passwords
Logging in to your accounts with the FIDO system could avoid the pitfalls of weak and reused passwords. If bad actors can guess their way past your account security — and then use those login credentials to gain access to your other accounts that share the same passwords — it can lead to you losing private data or having your identity stolen.
And while it can be good to lock up your logins with one of the best password managers, even that’s not foolproof if you use a poor master password or reuse login details frequently.
Other methods designed to mitigate these threats, such as two-factor authentication, can be hijacked. Hackers have taken to so-called ‘SIM swap’ attacks to gain access to recovery passcodes sent to users via SMS messages, meaning even methods designed to be safe can be compromised.
In addition to the three big tech firms, the press release states, “Hundreds of technology companies and service providers from around the world” have worked on the standard, which could lead to it getting broad adoption in the future. While there is no solid launch date yet, it is expected to be rolled out on Apple, Google, and Microsoft services over the course of the coming year.