Tech giants Apple and Google announced they had committed to passwordless sign in across all platforms they control over the next year. This means that passwordless authentication is coming to all major platforms within the next year: Android and iOS mobile operating system; Chrome, Edge and Safari browsers; Windows and macOS desktop environments.
Google published a blog post that described how passwordless login will allow users to choose their phone as the primary authentication device for apps, websites and other digital services. The default actions of unlocking the phone -- drawing a pattern or entering a pin -- are sufficient to allow you to log in to web services. This is possible thanks to a unique cryptographic token known as a passkey, which is shared between your phone and the website.
Logins will be made contingent upon a physical device. This is to ensure that users have both security and simplicity. There will be no need to remember login details across services, or compromise security by using the same password in multiple places. Hackers will find it difficult to remotely compromise login details using a passwordless system. Signing in requires physical access, so passwordless systems will make it more difficult to hack into. Phishing attacks that direct users to fake websites for password capture should also be harder to mount.
A standard called FIDO makes cross-platform functionality possible. It uses the principles and public key cryptography to allow passwordless authentication as well as multi-factor authentication in a variety of situations. The phone can be used to store a unique FIDO compliant passkey. This will only be shared with a website when it is unlocked. Google also stated that passkeys can be synced from cloud backup to a new phone in the unlikely event of a lost device.
Many popular applications already support FIDO authentication. However, users must use a password to sign on. This means that they are still susceptible to phishing attacks where passwords are stolen or intercepted. However, the new procedures will eliminate the need for a password. All websites that make use of the extended FIDO support in order to create a passwordless end-to-end experience will benefit from a phishing-resistant security. This includes both the initial sign-in to a website as well as repeated logins.
Apple, Google, Microsoft, and Microsoft all have stated that they expect new sign-in capabilities across platforms to be available in the next year. However, a specific roadmap has yet to be announced. The plot against the password has been in place for many years. However, there are some signs that it may finally have succeeded.
Passwordless is state of the art when you ask users to create accounts. It's a safe way of preventing users from using unsafe passwords and makes it very easy for users to create accounts. Get in touch with us if you want to learn how use this for your online services.
Photo by Pixabay from Pexels
Digital trends that will impact your business
We monitor latest digital trends and assess their value for your online business.