Why Google, Microsoft and Apple want to get rid of passwords altogether – Technology News, Firstpost
FP Explainers | 06 May 2022 12:27:32 IST
People generally have weak passwords for their online profiles. But some of us have such bad passwords that instead of relying on people to change their habits and create stronger passwords, the three biggest players in the tech space — Apple, Google, and Microsoft — have decided to ditch passwords altogether and use a completely new system for users to log in to their accounts.
In a concerted effort to reduce the number of data breaches and hacks of user accounts, Apple, Microsoft and Google jointly announced on Thursday that they have released significant resources to build a new system for passwordless logins. It will be rolled out across all of the mobile, desktop and browser platforms they manage over the next few years.
“Just as we design our products to be intuitive and capable, we design them privately and securely,” said Kurt Knight, Apple’s senior director of platform product marketing. “Working with the industry to develop new, more secure login methods that provide greater protection and eliminate password vulnerabilities is central to our commitment to build products that provide maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” Knight added.
The idea is to use a single physical device, usually a smartphone, as the main authenticator for apps, websites and other digital services. Unlocking that smartphone with a PIN, pattern, or fingerprint should be enough to log into a web service. These authenticators use a cryptographic token or passkey that is shared between the phone and the website.
In this way, users benefit from a very simple and secure login system and don’t have to remember complex passwords. Having to remember them is why people choose bad passwords like ‘123456’ or ‘password’ in the first place, and then reuse those passwords for several other profiles.
In addition, the most basic way that “phishing” or password theft occurs is that people use compromised networks and websites while surfing the Internet and enter a password there, which is then picked up by malicious parties.
A passwordless system using such a passkey makes it much more difficult for hackers to compromise credentials remotely, because login requires access to a physical device.
The most common standard for passkeys used in the tech space is called the FIDO key and was developed by the FIDO Alliance. The way it works is that a user’s phone stores a unique FIDO-compatible passkey and only shares it with a website for authentication when the phone is unlocked. According to Google’s post, passkeys can also be easily synced to a new device from a cloud backup in the event that a phone is lost.
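An added example, not taken from the article or from any vendor's code: a simplified model of the FIDO login flow described above, in which the phone keeps a private key, the website stores only the matching public key, and the unlocked phone signs a fresh challenge together with the site origin. The function names, the `shop.example` origins and the trimmed message format are assumptions for illustration; real WebAuthn messages carry more fields.

```javascript
const crypto = require("node:crypto");

// Phone side: one key pair per website. Only the public half is given to the site.
function createPasskey() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Website side: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Phone side: refuses to sign while locked; the signed data includes the origin being visited.
function signAssertion(privateKey, challenge, origin, unlocked) {
  if (!unlocked) throw new Error("device locked");
  const clientData = JSON.stringify({ type: "webauthn.get", challenge, origin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Website side: verify the signature first, then check the challenge and origin it covers.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  const ok = crypto.verify("sha256", Buffer.from(assertion.clientData), publicKey, assertion.signature);
  if (!ok) return "bad-signature";
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== expectedChallenge) return "stale-challenge";
  if (data.origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

// Constructed scenarios showing which logins the website accepts.
function demo() {
  const site = "https://shop.example";
  const { publicKey, privateKey } = createPasskey();
  const c1 = newChallenge();
  const results = {};
  results.genuine = verifyAssertion(publicKey, c1, site, signAssertion(privateKey, c1, site, true));
  // The user is on a lookalike page: the signed origin does not match the real site.
  results.lookalike = verifyAssertion(publicKey, c1, site, signAssertion(privateKey, c1, "https://shop-login.example", true));
  // A captured response is presented again after the site has issued a new challenge.
  results.replay = verifyAssertion(publicKey, newChallenge(), site, signAssertion(privateKey, c1, site, true));
  // A locked phone produces no signature at all.
  try { signAssertion(privateKey, c1, site, false); results.locked = "signed"; }
  catch (e) { results.locked = "refused"; }
  return results;
}

console.log(demo());
```

Nothing the website stores or receives here can be reused to log in elsewhere, which is the property that a typed password lacks.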