Apple, Google, and Microsoft are launching a joint effort to kill the password. They plan to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
The new “passkey” scheme works on push two factor notification, which means that instead of entering a long string of characters, the app or website you're logging in to would push a request to your phone for authentication. From there, you'd need to unlock the phone and authenticate with some kind of pin or biometric.
Some push 2FA systems work over the Internet, but this new FIDO scheme works over Bluetooth. That means both devices will need Bluetooth on board, which is a given for most smartphones and laptops, but could be a tough ask for older desktop PCs.
Companies have been trying to go passwordless for years, but getting there has been tough.
Passwords work fine if they are long, random, secret, and unique, but the human element of passwords is always a problem. We aren't great at memorising long, random strings of characters, and it's tempting to write down passwords or reuse them.
When a security breach happens, username and password pairs are easy to share, and there are huge databases of compromised credentials out there.
A FIDO blog post says the new passwordless capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.
CyberBeat is a grassroots initiative from a team of producers and subject matter experts, driven out of frustration at the lack of media coverage, responding to an urgent need to provide a clear, concise, informative and educational approach to the growing fields of Cybersecurity and Digital Privacy.
If you have a story of interest, a comment, a concern or if you'd just like to say Hi, please contact us
We couldn't do this without the support of our sponsors and contributors.