Skip to main content

Big tech firms are teaming up to banish passwords for good

For a lot of us, password security is the ultimate case of procrastination: We know we need to use stronger, unique passwords, yet all too often we end up booting the problem as a job for another day. Instead of trying to convince us for the 1,000th time that “123456” is not a safe password, Apple, Google and Microsoft have decided to try something different.

Today, the three tech giants have announced plans to work on a common sign-in standard created by the FIDO Alliance and World Wide Web Consortium. If all goes according to plan, the new system could do away with passwords entirely, allowing you to sign in to apps and websites in a more convenient way.

Silhouette of male hand typing on laptop keyboard at night.
Andrew Brookes/Getty Images

In a joint press release, the companies explained that they are working to “offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.”

That includes fingerprint recognition, tools like Apple’s Face ID, or a device PIN. Biometric authentication in particular is a much safer way of securing accounts than using a password, with Apple estimating that Face ID only has a one-in-a-million chance of being fooled. That’s several orders of magnitude more secure than using “password123” to log in.

The tech companies highlight another benefit of the new system: Convenience. The FIDO standard lets users find their login credentials on their devices (including new ones) without needing to re-enroll each account. Along with that, you will be able to sign in on one device by using another nearby device — for example, you could use an iPhone to log into an account on your Windows PC — regardless of which operating system each device uses.

Say goodbye to passwords

The apple-face-id-feature.
Apple

Logging in to your accounts with the FIDO system could avoid the pitfalls of weak and reused passwords. If bad actors can guess their way past your account security — and then use those login credentials to gain access to your other accounts that share the same passwords — it can lead to you losing private data or having your identity stolen.

In a statement to Digital Trends, Microsoft underlined that point by saying, “attacks per second on passwords have nearly doubled since this time last year. For every second that goes by, there are 921 attacks on passwords,” making for a total of 79.5 million attacks per day.

And while it can be good to lock up your logins with one of the best password managers, even that’s not foolproof if you use a poor master password or reuse login details frequently.

Other methods designed to mitigate these threats, such as two-factor authentication, can be hijacked. Hackers have taken to so-called ‘SIM swap’ attacks to gain access to recovery passcodes sent to users via SMS messages, meaning even methods designed to be safe can be compromised.

In addition to the three big tech firms, the press release states, “Hundreds of technology companies and service providers from around the world” have worked on the standard, which could lead to it getting broad adoption in the future. While there is no solid launch date yet, it is expected to be rolled out on Apple, Google, and Microsoft services over the course of the coming year.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Google missed big chance with ChatGPT-like tech, report claims
Google Logo

Google missed a golden opportunity to lead the way with its own ChatGPT-like chatbot technology tool two years ago, but an overly cautious attitude from those at the top prevented the company from releasing it, according to a Wall Street Journal report on Tuesday.

The two Google researchers who created the powerful conversational AI technology reportedly told colleagues at the time that their creation could revolutionize how people searched on the internet and worked with computers.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more
LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more