Passwords are an integral part of our everyday online life. One thing is essential for almost all accounts. It can quickly happen that you lose track of things. To solve this problem, Apple, Microsoft and Google, among others, want to get rid of the password and are planning a completely different approach.
In order to provide the best possible protection, many online accounts, social media channels, etc. are provided with a password. Either you use a different password for each individual platform or you have an overarching universal password. However, the latter can be quite dangerous if someone else can access all profiles, accounts and channels in one fell swoop.
For this reason, too, large Internet companies have joined forces and are planning a kind of “password revolution”. If they have their way, logins with a password should no longer be the standard in the future.
FIDO standards are intended to replace the classic password
Authentication is the keyword here. It is now also possible to log in with a fingerprint, face recognition or a PIN. The FIDO Alliance announced that new models would be sought. But how should these look exactly?
First, a brief explanation of what is behind FIDO: It is the abbreviation for “Fast Identity Online” and is a non-commercial merger of numerous companies. The goal is the development of license-free and open authentication standards on the Internet. Put simply: passwords should be abolished.
Also read: Don’t save your passwords in the browser!
Login without a password: That’s the principle
But now to the plans of Google, Microsoft and Apple. Password logins would not offer sufficient protection against data theft or phishing, for example. A passwordless end-to-end option should therefore become the login norm.
Together with FIDO, the tech giants have worked out two options. First, there is the FIDO credentials, also known as Passkey. On the other hand, there is FIDO authentication. And this is how these two approaches work:
- FIDO credentials (passkey): A user can automatically access FIDO credentials (passkey) across multiple devices. So you don’t have to constantly log in to every account.
- FIDO authentication: A user can use their smartphone (or other mobile device) to log in or authenticate to a website or app on another nearby device.
Also read: A person affected reports: What happens if the e-mail password is hacked
Nothing works without a second key
Basically, it’s like a key principle. The FIDO foundation is a cryptographic master key that is private. A separate key is generated for each service, app or similar. In order to be able to log into any service, however, a counterpart is required that can be viewed as a kind of public key. If you now want to log on to a website, a request arrives at the private key. The user then confirms this request, for example, with Face ID, fingerprint, or similar.
Apple, Microsoft and Google now want to integrate this standard into their operating systems. Since the passkeys are then stored in the respective accounts, there is no drama if the smartphone is stolen or lost. Because they can be restored. The new functions should be available on the Google, Apple and Microsoft platforms by the end of 2023 at the latest. However, it is still unclear whether the password-free standard will also work across systems.
In any case, the planned innovation represents a clear simplification for users. Since it is now common practice to use several devices in addition to many user accounts, a password-free solution would result in significant time savings. In addition, fingerprint sensors and Face ID are already common for many users in other areas via newer smartphones.