In the spring of 2022, three US technology giants announced that they will jointly invest in the development of a password-free future.
PDO
Apple, Google and Microsoft announced in May 2022 in a joint effort to get rid of passwords altogether.
Little by little, the effects of the decision will begin to be seen in consumers’ lives, as companies add password-free options and consumers start using them.
– The complete transition to a password-free world starts when consumers make it a natural part of their lives, says Microsoft’s responsible vice president of identity programs Alex Simons In Apple’s announcement.
FIDO Alliance
Professor of information technology and head of the department of information technology at Aalto University Janne Lindqvist says that the company’s announcement is basically good news.
– Three large companies have announced that they are investing in the password-free FIDO Alliance standard. So this is not the companies’ own invention, but they will adopt these standards and cooperate on the matter.
The FIDO Alliance is an open industry organization that develops passwordless authentication standards, i.e. different login keys and their usage methods.
Login keys
Companies refer to passwordless login as “passkey”.
Log-in key means, for example, biometric methods of identification, such as fingerprint identification, face recognition or iris recognition. The pin code set on the phone could also possibly serve as a login key.
These login keys are intended to replace passwords in the future.
Lindqvist says that log-in keys have their own challenges and complete passwordlessness will not be achieved in the near future, at least not yet.
– A good question is what if you only have one device in use. Then we still have to resort to passwords, which must be used in these situations in case. So, at least in the short term, you can’t get rid of passwords.
The difference to the former
Many different operators have been offering password-free services for a long time. According to Lindqvist, a significant difference in the reform is that the login key is now transferred to the phone instead of, for example, the former USB stick.
Lindqvist says that the login key is not necessarily more secure than two-factor authentication, which is already widely used.
– In general, security always involves marketing, this is not necessarily safer. But potentially this is significantly more seamless.
An easier user experience means that a larger number of users will adopt the security.
Is dependence on technological waste growing?
In the joint effort of Google, Microsoft and Apple to be password-free, there is a possibility that the world’s dependence on these companies will increase.
If it is not possible to log into the accounts other than through a specific device or operator, the user is bound to always use this specific device or operator.
– These companies strongly claim that this is not about locking the user into the product, but yes, all these companies are famous for the fact that they strive in various ways to get people committed to their own platforms.
Lindqvist says that it is not yet clear how the login keys will work if a person wants to change devices or platforms, for example from an Apple phone to a Google phone.
Risks of anonymity
Easy-to-guess passwords are a major data security risk, which login keys aim to address. However, when responding to one risk, login keys may generate new ones.
– However, there is always such a challenge in information security that even criminals and abusers know how to change their operating methods, says Lindqvist.
New information security improvements also bring new potential risks, even tougher crime.
– Let’s imagine a world where everyone has a cell phone, where you can access almost anything with a fingerprint. This means that if you want to commit crimes, instead of just stealing a cell phone, you also take the finger from it.
Lindqvist emphasizes that it is of course a very different type of crime.
– But we have to think about how these new forms will affect future crimes.