Technological advancements in cyber security may soon make password memorization obsolete. Apple
The passwordless system will transfer the login process to the user's phone. Rather than entering a password, users will just need to unlock their phones in order to sign in to their accounts.
"Just as we design our products to be intuitive and capable, we also design them to be private and secure," senior director of platform product marketing at Apple, Kurt Knight, said. "Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience - all with the goal of keeping users' personal information safe."
While forgoing passwords might seem like a reduction in security, passwords are actually one of the most vulnerable points in our cyber-security due to the fact that they can be guessed or stolen via phishing scams. Switching to mobile authentication will stop hackers from being able to access users' profiles with a password alone.
The passwordless access will function across platforms, meaning Apple devices can be used to login to Microsoft and Google platforms and vice versa. The cross-platform sign-ins are enabled by unique user passkeys created by FIDO and World Wide Web Consortium which are stored in the user's phone.
FIDO's passwordless sign-in standard was already available through the platforms, but until now it had remained vulnerable to phishing attacks during the initial sign-in process.
"These companies' platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices," the FIDO Alliance wrote in an announcement of the joint project, "but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality.
Between the three of them, Google, Apple, and Microsoft control the vast majority of all mobile, desktop, and browser platforms. Android and iOS; Chrome, Edge, and Safari; and Windows and macOS will each transition to passwordless access. This will remove the phishing vulnerability during the initial phase of FIDO by allowing virtually any mobile device to start the process.
"This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security," Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance, wrote in a statement. "This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we'll finally have the internet platform for a truly passwordless future."
