Microsoft, Apple, And Google Join Forces to Kill The Password

Microsoft, Apple, And Google Join Forces to Kill The Password

In honor of World Password Day — May 5th — the world’s biggest technology companies have announced an alliance to end our dependence on passwords. This would mean no more using passwords on any major platform, including desktop, mobile, and web browsers. No passwords on Windows, MacOS, Chrome, Edge, Android, iOS, Safari, etc. It’s certainly sounds appealing, but obviously questions about security remain.

Today Microsoft, Apple, and Google announced a joint venture to implement FIDO sign-in standards across their respective platforms. FIDO stands for Fast Identity Online, and instead of a password, people will use their phones to authenticate their identity. The phone stores a passkey, and it will only share it with a website or app once the phone is unlocked. With FIDO all you will need to do when trying to access a site that’s asking for your password is to unlock your phone; whether by FaceID, fingerprint, or similar method. You can still access your passkey even if you lose your phone according to Google. It will be synced to the cloud, and be resent to your new device. The companies will begin implementing the changes in the coming year, extending into 2023.

Microsoft, Apple, And Google Join Forces to Kill The Password

FIDO is already in use by a plethora of apps and sites, but previously a password was required to enable and configure it. The expansion of its support by Microsoft, Google, and Apple will get rid of that requirement. According to Apple’s press release, it will deliver “an end-to-end passwordless experience.” Despite this group acceptance of FIDO by these companies, companies who make apps and websites will still have to choose to adopt it. It won’t be something that’s automatically applied to everything right away. As Google noted in its blog post, “we understand it will still take time for this technology to be available on everyone’s devices and for website and app developers to take advantage of them.”

In light of this news, nobody would reasonably claim the current password situation isn’t a security nightmare. Most people have so many passwords they can’t remember them all. This leads to people reusing passwords, or using simple passwords, which is a security risk. FIDO says the average internet user has over 90 different accounts that require a password. There are current workarounds for this problem including two-factor authentication (2FA) and password managers. However, people have to take the initiative and actively enable 2FA on sites that support it, or figure out how to use a password manager. Both of those steps can be a heavy lift for a lot of users. What these tech companies are doing is essentially implementing multi-factor authentication globally, for all users. It’s unclear if a user will have to opt-in to this new method of authentication once it’s supported by their devices, but it sounds like it’ll be automatically enabled.

Now for the questions it raises. Is having to unlock your phone safer than the standard two-factor authentication? It seems like it. When you get a code sent to your phone via SMS it flashes on the screen, assuming notifications are enabled. Anyone can see that code. There’s also the issue of SIM swapping, which isn’t widespread or cheap for scammers, but it does happen. This lets a scammer redirect the 2FA code to their own phone. As for law enforcement’s rights, that’s a whole other can of worms. A police officer can’t force you to give up a passcode for a phone, but the issue of using biometrics to unlock a phone is still murky. Generally speaking, “something you know” is still safer from a security perspective than “something you are.”

Continue reading

In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip
In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip

Apple saw huge success the last time it switched architectures to Intel, but this time? The jury's still out, but one thing is certain: Apple is about to make a lot more money.

Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops
Apple’s New M1 SoC Looks Great, Is Not Faster Than 98 Percent of PC Laptops

Apple's new M1 silicon really looks amazing, but it isn't faster than 98 percent of the PCs sold last year, despite what the company claims.

What Does It Mean for the PC Market If Apple Makes the Fastest CPU?
What Does It Mean for the PC Market If Apple Makes the Fastest CPU?

Apple's M1 SoC could have a profound impact on the PC market. After 25 years, x86 may no longer be the highest-performing CPU architecture you can practically buy.

Benchmark Results Show Apple M1 Beating Every Intel-Powered MacBook Pro
Benchmark Results Show Apple M1 Beating Every Intel-Powered MacBook Pro

Apple's new M1 SoC can beat every single Intel system it sells, at least in one early benchmark result. We dig into the numbers and the likely competitive situation.