Microsoft, Apple, And Google Join Forces to Kill The Password
In honor of World Password Day — May 5th — the world’s biggest technology companies have announced an alliance to end our dependence on passwords. This would mean no more using passwords on any major platform, including desktop, mobile, and web browsers. No passwords on Windows, MacOS, Chrome, Edge, Android, iOS, Safari, etc. It’s certainly sounds appealing, but obviously questions about security remain.
Today Microsoft, Apple, and Google announced a joint venture to implement FIDO sign-in standards across their respective platforms. FIDO stands for Fast Identity Online, and instead of a password, people will use their phones to authenticate their identity. The phone stores a passkey, and it will only share it with a website or app once the phone is unlocked. With FIDO all you will need to do when trying to access a site that’s asking for your password is to unlock your phone; whether by FaceID, fingerprint, or similar method. You can still access your passkey even if you lose your phone according to Google. It will be synced to the cloud, and be resent to your new device. The companies will begin implementing the changes in the coming year, extending into 2023.
FIDO is already in use by a plethora of apps and sites, but previously a password was required to enable and configure it. The expansion of its support by Microsoft, Google, and Apple will get rid of that requirement. According to Apple’s press release, it will deliver “an end-to-end passwordless experience.” Despite this group acceptance of FIDO by these companies, companies who make apps and websites will still have to choose to adopt it. It won’t be something that’s automatically applied to everything right away. As Google noted in its blog post, “we understand it will still take time for this technology to be available on everyone’s devices and for website and app developers to take advantage of them.”
In light of this news, nobody would reasonably claim the current password situation isn’t a security nightmare. Most people have so many passwords they can’t remember them all. This leads to people reusing passwords, or using simple passwords, which is a security risk. FIDO says the average internet user has over 90 different accounts that require a password. There are current workarounds for this problem including two-factor authentication (2FA) and password managers. However, people have to take the initiative and actively enable 2FA on sites that support it, or figure out how to use a password manager. Both of those steps can be a heavy lift for a lot of users. What these tech companies are doing is essentially implementing multi-factor authentication globally, for all users. It’s unclear if a user will have to opt-in to this new method of authentication once it’s supported by their devices, but it sounds like it’ll be automatically enabled.
Now for the questions it raises. Is having to unlock your phone safer than the standard two-factor authentication? It seems like it. When you get a code sent to your phone via SMS it flashes on the screen, assuming notifications are enabled. Anyone can see that code. There’s also the issue of SIM swapping, which isn’t widespread or cheap for scammers, but it does happen. This lets a scammer redirect the 2FA code to their own phone. As for law enforcement’s rights, that’s a whole other can of worms. A police officer can’t force you to give up a passcode for a phone, but the issue of using biometrics to unlock a phone is still murky. Generally speaking, “something you know” is still safer from a security perspective than “something you are.”
Continue reading
Nvidia GeForce RTX 3060 Ti Launches Dec. 2, but Good Luck Getting One
The RTX 3060 Ti goes on sale tomorrow for a mere $399—it might even be affordable after the obscene reseller markup!
The US Air Force Quietly Admits the F-35 Is a Failure
The Air Force has finally admitted that the F-35 is not the aircraft the military hoped it would be, though we doubt Ferrari would appreciate being compared with the F-35.
Star Citizen Devs Angry, Forced to Work Through Life-Threatening Texas Storm
Multiple Cloud Imperium Games employees have spoken out against their employer over how they were treated during the 2021 Texas snowstorm.
Nvidia Doubles GeForce Now Subscription Price to $10 Per Month
Nvidia is increasing the paid tier from $5 per month to $10. This brings it more in-line with other streaming platforms, but the price was Nvidia's big advantage until now.