For Microsoft, Apple and Google, the future will be passwordless

Passwords pose many problems in computer security. “Passwords are a prime target for attacks. Yet they are the most important layer of security in our digital lives.“, explained Vasu Jakkal, Corporate Vice President for Security, Compliance and Identity at Microsoft, during an interview with L’Usine Digitale. Indeed, a widespread attack technique, called “brute force”, consists of try all possible combinations of characters until you find the right password.

Delete passwords

For Google, Microsoft and Apple, the solution is not to strengthen passwords or change them more regularly, but to remove them altogether and replace them with new, stronger technologies. On World Password Day on May 5, the three companies announced that they are committed to “extend support for the FIDO standard“.

Founded by the “Fast IDentity Online” industry alliance, it is a full range of authentication technologies – such as biometrics (fingerprint, iris, facial and voice recognition) – as well as existing communications solutions to reduce reliance on passwords. FIDO authentication standards are based on public key cryptography and are designed to provide a secure and easy login experience.

Two technologies are now certified by the alliance. The Client-to-Authenticator Protocol (CTAP) allows users to log in without a password by using a dongle or their mobile phone to communicate authentication information via USB, Bluetooth or NFC (Near Field Communication) to the a person’s device. WebAuthn, on the other hand, allows online services to use FIDO authentication via a standard web API (application programming interface), which can be integrated into browsers and allows devices to communicate.

FIDO technologies for everyone

In practice, the partners are announcing two new features that will be implemented over the coming year. Users will be able to authenticate via FIDO on all their devices from the moment they are logged into their account, by authenticating on only one of the devices. They can also use their phone, for example, to authenticate themselves on their computer, regardless of the operating system or browser.

Note that these three companies have a long history of removing passwords. This is how since September 2021, Microsoft has allowed users to rely on a biometric identification, a security key or an SMS verification code to access all of their accounts.

We wish to say thanks to the author of this write-up for this incredible web content

For Microsoft, Apple and Google, the future will be passwordless

Check out our social media profiles and other related pages