Why Apple, Google and Microsoft want you to abandon passwords
According to some of the biggest tech companies in the world, passwords are an antiquated technology that should be done away with.
In a digital world, passwords are some of the most persistent bugbears we face in our daily lives. We're all sick and tired of forgetting our passwords and being forced to go through the rigmarole of resetting them, or worse, losing access to our account all together.
Still, they seem like an inevitable feature of life. It's a long-standing way of quickly and efficiently proving your identity and thus gaining access to your account. Well, according to some of the biggest names in tech, there is a better way.
Apple, Google and Microsoft have thrown their weight behind a passwordless sign-in standard created by the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium. So what does this proposal entail, and why are tech companies so passionate about it?
A passwordless future
An extensive summary created by FIDO explaining its technology can be read in full here. This concept doesn't rely on some experimental or inventive technology that will completely reshape the way we think about cybersecurity. Instead, FIDO is advocating for a broad and unified uptake of measures that are already commonly available, in a manner that will completely eliminate passwords.
FIDO-based technology will require users to undertake the same action several times a day to sign in to their accounts. Thankfully, the actions will be extremely simple, such as face or fingerprint verification, or a PIN. This will make sign-ins far more secure and protect against phishing – the practices criminals use to steal personal information.
2-factor authentication (2FA) is another extremely effective way to increase security. One of the most common forms of 2-factor authentication is one-time codes sent over email or SMS. A key feature of FIDO-based technology is to utilise smartphones as "roaming authenticators".
Existing forms of 2FA are easily abused by hackers and phishers. FIDO will make 2FA safer than ever by utilising Bluetooth to prove that the authenticating smartphone is in the same location as the device the user is logging in on. This will prevent phishers on other continents from bypassing 2FA.
This package of measures is expected to become available on Apple, Google and Microsoft products over the course of the next year.
Why are passwords so insecure?
If you're wondering why organisations are going to so much effort to do away with passwords, let's take a look at why passwords are so imperfect.
It seems like every day we read about a new cyberattack or data breach that massively jeopardises cybersecurity. Repeated studies have shown that consumers recycle passwords at a far greater rate than is safe. Tech readers are used to being brow-beaten about this fact, but it's just too difficult for the human brain to recall unique and complicated passwords for all the different services we use.
You can physically write all your passwords down, but that adds a whole new world of complications digital innovations are supposed to avoid.
Data breaches of major companies can lead to your personal information, including your passwords, being shared among nefarious online actors. Hackers can also use software to crack your passwords, often by a simple process of trial-and-error, within about 13 seconds.
What makes these recent developments so exciting is that major companies like Apple, Microsoft and Google all getting in on FIDO's technology is the best possible way to improve cybersecurity as a whole. Our digital lives are so loosely-spread that we need a broad uptake of these measures to truly befuddle cybercriminals and keep our information safe.
Unfortunately, we aren't quite living in a post-password paradise just yet. For now, cybersecurity experts agree that password managers are one of the most critical ways to protect your accounts. These helpful websites or applications essentially take the concept of physically writing down your passwords, and encase it in layers of online security and convenience.