For many of us, password protection is the ultimate case of procrastination: we know we need to use stronger, unique passwords, but all too often we think of the problem as a job for another day. Instead of trying to convince us for the thousandth time that “123456” is not a secure password, Apple, Google and Microsoft decided to try something different.
Today, the three tech giants announced plans to work on a common login standard created by the FIDO Alliance and the World Wide Web Consortium. If all goes according to plan, the new system could do away with passwords completely, making it easier for you to log into apps and websites.
Andrew Brookes/Getty Images
In a joint press release, the companies explained that they are working on “offering an end-to-end passwordless option. Users log in using the same action they take multiple times a day to unlock their devices, such as simple verification of their fingerprint or face, or a device PIN.”
That includes fingerprint recognition, tools like Apple’s Face ID, or a device PIN. Biometric authentication, in particular, is a much more secure way to secure accounts than using a password, with Apple estimating that Face ID has only a one-in-a-million chance of being fooled. That’s several orders of magnitude more secure than using “password123” to login.
The technology companies emphasize another advantage of the new system: convenience. The FIDO standard allows users to find their credentials on their devices (including new ones) without having to re-enroll each account. In addition, you can sign in on one device with another nearby device — for example, you can use an iPhone to sign in to an account on your Windows PC — regardless of which operating system each device uses.
Say goodbye to passwords
Logging into your accounts with the FIDO system can avoid the pitfalls of weak and reused passwords. If malicious parties can guess their way through your account’s security — and then use those credentials to access your other accounts that share the same passwords — it could lead to the loss of private information or theft of your identity.
And while it can be good to lock your logins with one of the best password managers, even that isn’t foolproof if you use a bad master password or reuse login credentials often.
Other methods designed to mitigate these threats, such as two-factor authentication, can be hijacked. Hackers have resorted to so-called “SIM swap” attacks to gain access to recovery passwords sent to users via text messages, meaning even methods designed to be secure can be compromised.
In addition to the three major tech companies, the press release states, “Hundreds of technology companies and service providers from around the world” have been working on the standard, which could see it gain widespread adoption in the future. While there’s no solid launch date yet, it’s expected to roll out across Apple, Google, and Microsoft services over the next year.