Passkeys From Big Tech Might End Traditional Passwords
Tech authorities Apple, Google, and Microsoft have joined forces with the Fast ID Online (FIDO) Alliance and the World Wide Web Consortium (W3C), two organizations committed to developing passwordless sign-in standards, to provide a safer login experience for all. FIDO authentication is known as “passkey” among Big Tech. Apple, Google, and Microsoft announced broader support of passwordless sign-ins over the course of the past year. These companies have already started to implement FIDO’s passwordless technology across their platforms and products. Microsoft was one of the first companies to allow users to go passwordless across all Microsoft products. In December 2022, Google enabled passkeys on Chrome for Android, macOS, and Windows, while Apple currently allows users to use passkeys on iOS 16 for iPhones and macOS Ventura for Macs. Thanks to this adoption, FIDO authentication is gaining momentum in other industries. In October 2022, PayPal announced safer logins for customers with passkeys. The global payment provider has made passkey logins available for iPhone, iPad, and Mac users, promising to cover more platforms as they start supporting passkeys. Kayak, WordPress, BestBuy, CardPointers, and eBay are just a few online services transitioning to passkey logins as well. Big Tech is prompting users to go passwordless. As reported by the Microsoft Digital Defense Report, hackers, human error, and password recycling between platforms have contributed to upwards of 921 cases of password attacks in a single second. By 2024, the US federal government is expected to fully embrace this phishing-resistant authentication. Passkeys are soon expected to replace traditional passwords across platforms and services. According to Apple, “password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers.” Apple also called for “simpler, stronger authentication” via “ubiquity and usability.” Passkeys are far more secure than standard passwords because hackers would need to have access to both the application’s public key and the user’s private key to access sensitive information. Passkeys rely on cryptographic tokens instead of traditional passwords that can be easily compromised. The user can log in with a username and use a pre-authenticated device where a simple verification of a fingerprint, face, or PIN would suffice. Because passkeys rely on an external device, the only potential downfall to using passkeys would be if a user loses the device they use for authentication. Having a backup device could be one solution – otherwise, the user would have to reset their passkeys. Some platforms also make passkeys shareable between devices, so even if one device is lost, or the user gets a new device, the passkeys are securely stored in the cloud via end-to-end encryption.