Is passwordless the new way forward?

With a long history of vulnerability and associated data breaches, the world is increasingly moving towards a new future, a passwordless one

As people use more digital devices, there are growing security issues with password security. 

Recently in the Weak Password Report, Specops found that 65% of the respondents reported sharing passwords at work and the majority of these people say the method they use to share passwords is to “just remember them.”

While password managers and legacy forms of two-factor authentication offer much needed improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

Apple, Google, and Microsoft, in a joint effort to make the web more secure and usable for all, have plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.

“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” says Alex Simons, Corporate Vice President, Identity Program Management at Microsoft. 

Moving beyond passwords 

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS. 

“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency. “At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”

Offering customers better protection 

Hundreds of technology companies and service providers from around the world worked within the FIDO Alliance and W3C to create the passwordless sign-in standards that are already supported in billions of devices and all modern web browsers. Apple, Google, and Microsoft have led development of this expanded set of capabilities and are now building support into their respective platforms.

“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s Senior Director of Platform Product Marketing. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”

Share

Featured Articles

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security