Apple, Google, and Microsoft Take a Step Closer to a Passwordless Future.

Together, the three big tech giants dominate over 99% of the mobile and over 92% of the desktop market. World Password Day 2022 is perhaps the most notable day for the identity and access management space.

This World Password Day, three of the biggest tech companies — Apple, Google, and Microsoft — jointly announced their commitment to adopting passwordless authentication, taking the world a little closer to shedding passwords and their inherent risks. 

Together, the three big tech giants address over 99% of the mobile and over 92% of the desktop market, making it a significant step towards ensuring greater user security.

All three companies will adopt the public key cryptography-based common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium (W3C) for all mobile, desktop, and browser platforms under their umbrella.

These include Apple’s iOS and macOS; Google’s Chrome, ChromeOS and Android; and Microsoft’s Windows, Windows 365, Azure Virtual Desktop, and Virtual Desktop Infrastructure, all of which are used by billions of people.

“Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities,” said the FIDO Alliance. 

Vasu Jakkal, corporate vice president for Security, Compliance, Identity, and Management at Microsoft, said that there are 921 password attacks every second, almost double from a year ago, making them one of the most common entry points for attackers. The fact that people often write down passwords, choose weaker ones or reuse passwords across platforms doesn’t help either. 

In recent years, 2FA and password managers have helped to some extent, but the FIDO Alliance pointed out that password managers and legacy forms of two-factor authentication offer incremental improvements that are not enough. For instance, 2FA through one-time passwords becomes useless in a SIM-swapping attack.

Users can expect end-to-end passwordless authentication through biometrics (fingerprint or face) or a device PIN, built into the operating systems, applications and services they use, by some time next year. However, none of the three companies shared a concrete plan for it.

Apple, Google, and Microsoft were all involved in developing FIDO and W3C passwordless standards and have already implemented support in some products such as Android and Windows Hello. But the initial sign-on presently has some limitations, which are now being addressed through new capabilities.


These include the ability of users to automatically access their FIDO sign-in credentials, known as passkeys, on multiple devices, including new ones, without having to re-enroll every account. Users will also be able to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running. Physical proximity will be assessed through Bluetooth.


In short, to log into an application or a website, the user will receive a prompt pushed to their smartphone. All the user needs to do is unlock the phone and authenticate with biometrics or a PIN. Passkeys are synced and backed up in the cloud, so losing the phone will not impact account security.


“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” said Alex Simons, corporate vice president of Identity Program Management at Microsoft.

“By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”

