World Password Day

Today May 5th is reportedly a World Password Day. According to Verge, Apple, Google, and Microsoft are reportedly plan to implement “passwordless sign-in” in all major platforms by 2023 using FIDO password technology.

The passwordless log-in process reportedly involves using cellphone as the main authentication device for apps, websites, and other digital services, which then “be enough to sign in to web services without the need to ever enter a password, made possible through the use of a unique cryptographic token called a passkey that is shared between the phone and the website”.

“This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security. This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we’ll finally have the internet platform for a truly passwordless future.”

– Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance (source: The Verge)

Kurt Knight, senior director of platform product marketing at Apple, told The Verge:

Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.

Emphasized the degree of compatibility across platforms, Microsoft’s vice president for security, compliance, identity, and privacy, Vasu Jakkal told:

With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running,. For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.

“A passwordless system will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much harder to mount,” writes The Verge.

Related resource link