Skip to main content

Big tech firms are teaming up to banish passwords for good

For a lot of us, password security is the ultimate case of procrastination: We know we need to use stronger, unique passwords, yet all too often we end up booting the problem as a job for another day. Instead of trying to convince us for the 1,000th time that “123456” is not a safe password, Apple, Google and Microsoft have decided to try something different.

Today, the three tech giants have announced plans to work on a common sign-in standard created by the FIDO Alliance and World Wide Web Consortium. If all goes according to plan, the new system could do away with passwords entirely, allowing you to sign in to apps and websites in a more convenient way.

Silhouette of male hand typing on laptop keyboard at night.
Andrew Brookes/Getty Images

In a joint press release, the companies explained that they are working to “offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.”

That includes fingerprint recognition, tools like Apple’s Face ID, or a device PIN. Biometric authentication in particular is a much safer way of securing accounts than using a password, with Apple estimating that Face ID only has a one-in-a-million chance of being fooled. That’s several orders of magnitude more secure than using “password123” to log in.

The tech companies highlight another benefit of the new system: Convenience. The FIDO standard lets users find their login credentials on their devices (including new ones) without needing to re-enroll each account. Along with that, you will be able to sign in on one device by using another nearby device — for example, you could use an iPhone to log into an account on your Windows PC — regardless of which operating system each device uses.

Say goodbye to passwords

The apple-face-id-feature.
Apple

Logging in to your accounts with the FIDO system could avoid the pitfalls of weak and reused passwords. If bad actors can guess their way past your account security — and then use those login credentials to gain access to your other accounts that share the same passwords — it can lead to you losing private data or having your identity stolen.

In a statement to Digital Trends, Microsoft underlined that point by saying, “attacks per second on passwords have nearly doubled since this time last year. For every second that goes by, there are 921 attacks on passwords,” making for a total of 79.5 million attacks per day.

And while it can be good to lock up your logins with one of the best password managers, even that’s not foolproof if you use a poor master password or reuse login details frequently.

Other methods designed to mitigate these threats, such as two-factor authentication, can be hijacked. Hackers have taken to so-called ‘SIM swap’ attacks to gain access to recovery passcodes sent to users via SMS messages, meaning even methods designed to be safe can be compromised.

In addition to the three big tech firms, the press release states, “Hundreds of technology companies and service providers from around the world” have worked on the standard, which could lead to it getting broad adoption in the future. While there is no solid launch date yet, it is expected to be rolled out on Apple, Google, and Microsoft services over the course of the coming year.

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
These embarrassing passwords got celebrities hacked
dt10 language and tech motorola razr v3 paris hilton

One thing that celebrities have in common with everyday people is that they are also susceptible to cybersecurity breaches. Many public figures have had their private and public tech accounts hacked over the years and these attacks have often been due to them simply having weak passwords that were easy for bad actors to figure out.

Socialites, actors, politicians, and even prominent tech figures are guilty of lazy password practices, and falling victim to cybercrime that has compromised their passwords.
President Donald Trump

Read more
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Google just made this vital Gmail security tool completely free
The top corner of Gmail on a laptop screen.

Hackers are constantly trying to break into large websites to steal user databases, and it’s not entirely unlikely that your own login details have been leaked at some point in the past. In cases like that, upgrading your password is vital, but how can you do that if you don’t even know your data has been hacked?

Well, Google thinks it has the answer because it has just announced that it will roll out dark web monitoring reports to every Gmail user in the U.S. This handy feature was previously limited to paid Google One subscribers, but the company revealed at its Google I/O event that it will now be available to everyone, free of charge.

Read more