Passwords suck, say Apple, Google and Microsoft. We agree.

From "Apple, Google, and Microsoft commit to expanded support for FIDO standard to accelerate availability of passwordless sign‑ins" posted early Thursday:

In a joint effort to make the web more secure and usable for all, Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.

Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.

My take: What? Three tech megacaps conspiring to reduce friction on their respective devices? Call the antitrust police!

4 Comments

  1. The facial recognition feature went out on my work iPhone X about 3 months before I replaced it. With no touch sensor, I had to enter my incredibly complex long passwords on that miniature keyboard, every @&))#% time. I set time out periods longer and learned to remember. I was forced to or be locked out. I also have 2 & even 3 factor ID on all accounts that offer it.
    I must admit the ordeal had an overall positive impact on my ability to remember far more important things. Important passwords are stored in a precious place in our brains. If we stop going there on a regular basis we forget other stuff.

    0
    May 5, 2022
  2. Michael Goldfeder said:
    Lina Khan is all over this once she locates her password to log into her G-Mail account that was changed a month ago, but she neglected to write down the new password issued by Google. It was one of those really complicated automated iterations randomly assigned that you actually needed a screen shot to have any chance of actually remembering it correctly.

    But rest assured, Lina is on her way!

    1
    May 5, 2022
  3. Greg Lippert said:
    Im so sick and tired of gov’ts trying to open up iOS. So many things are not open.

    For example, I am a Mets season ticket holder and they have an exclusive relationship with StubHub. I can only sell my tickets thru them. Why can’t I choose another provider?

    The list goes on and on….

    3
    May 5, 2022
  4. John Butt said:
    I tried Hide my email when it first came out. What a wonderful invention!

    I have effectively got this feature, fingerprint or facial login on my key logins and am working through the many rarely used ones. Better than that, I have already used the fantastic ability to cut off a vendor who abused my login by simply deleting that hide my email address.
    Unfortunately, it takes a lot of work to change so many logins, and some entities require you to email them your new email. But it can be done!

    0
    May 5, 2022

Leave a Reply