Truth be told, I’m not a huge fan of World Password Day. Such gestures, confined to a single day of the year, tend not to make much difference to general awareness of the security issues that matter to most users, it seems to me. I’ll make an exception in 2022, however, as three tech giants used the World Password Day focus to announce an amazing security agreement. Ironically, that agreement may lead to the gradual elimination of passwords from the daily lives of millions of people. Here’s what Apple, Google and Microsoft announced and why it matters.
Eliminate password friction to enhance security
Anyone who has ever read my articles or watched the Forbes Straight Talking Cyber video series will know that I am not a huge fan of passwords. Or rather, of the fact that they tend to encourage poor security hygiene among users. Easy-to-remember, easy-to-guess passwords are the order of the day for many and, to make matters worse, they are then reused across multiple accounts, sites, and services. I’ve always been an evangelist for password managers, but even these apps, which make password use less complicated while enhancing security, are too much trouble for the majority. For better security measures to gain traction with the average user, they need to create as little friction as possible, to be so easy to use that you hardly notice they are there. And that’s why I’m also a fan of “no passwords” systems and so excited about the incredible security agreement between Apple, Google, and Microsoft for 2022 and beyond.
An amazing security agreement between Apple, Google and Microsoft revealed
So, what did Apple, Google, and Microsoft announce? In short, the three tech giants agreed to a joint effort committed to “expanding support for the passwordless login standard.” What does that mean? Well, let’s start with what it doesn’t mean, which is any immediate changes: these will likely roll out in the coming months, and I wouldn’t be at all surprised if it is towards the end of the year before we see this vision of a passwordless future become a reality across all three vendor platforms. What it does mean is adherence to FIDO (Fast IDentity Online) Alliance standards, using mobile devices instead of passwords to authenticate to apps and websites, and doing so across platforms. This is important because you will be able to log into a site or service on a computer that is “within range” just by looking at your phone, scanning your fingerprint, or entering a PIN code.
Clearer, stronger, cross-platform authentication for everyone
In this scenario, the smartphone acts as a secure key store. Using, for example, biometrics to access this key provides something you are (face or fingerprint scan) or something you know (PIN) as well as something you have (smartphone) in one simple action. As I already mentioned, improving security requires user acceptance, which means that solutions should be as frictionless as possible. This ticks that box. If you’re already familiar with Face ID on your iPhone, Windows Hello on your PC, and Microsoft Authenticator or Google prompts for two-factor authentication on a smartphone, you’ll appreciate how simple it is. The latter already illustrates how this cross-platform passwordless technique will work: you want to access a site or service using the Google Chrome browser on your Windows PC, and you can do so just by confirming the prompt that pops up on your iPhone. How cool and convenient is that?
Easier security, more powerful security
While there is some mileage in the argument against putting all of your authentication eggs in one smartphone-shaped basket, it’s actually safer than it sounds. At least for most people, most of the time. In order for threat actors to gain access to your accounts or services, they must have physical access to your device and your face/fingerprint or PIN. This is by no means impossible, and no one will suggest that it is, and there is also an argument to be made about this making access easier for law enforcement in certain circumstances. However, speaking of the average user, someone who probably doesn’t use the strongest passwords but is statistically more likely to reuse them across sites and services, this is a huge step forward in terms of secure authentication, in my never-too-humble opinion.
What do experts say about this amazing security pact?
Jen Easterly, Director of the United States Cybersecurity and Infrastructure Security Agency (CISA): “The standards developed by the FIDO Alliance and the World Wide Web Consortium and led by these ground-breaking companies are the kind of forward-thinking that will ultimately make the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for service providers and a better user experience for customers.”
Jake Moore, Global Cyber Security Consultant at ESET: “It is encouraging that Microsoft, Google, and Apple are trying to pave the way for making account access secure and convenient. This is not something that can be achieved overnight, but it highlights that more needs to be done when it comes to password security. Cybercriminals will inevitably try to navigate through, looking for ways to exploit this, as nothing remains to prevent hacking, but as with any early adoption of a new technology, this is a great start and we’ll likely see a proper version of this in the near future.”