Password Era Coming to End as Providers Support Passkeys
June 14, 2022
Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.
Because they are device-specific, passkeys are unique, so unlike with passwords, recycling tired old ones is not an issue. “Services like Apple’s iCloud Keychain or Google’s Chrome password manager can synchronize passkeys across your devices,” CNET reports.
Google and Microsoft announced last month that they were joining forces to eradicate passwords by embracing the passkey protocol developed by the World Wide Web Consortium (W3C) and the FIDO Alliance (Fast Identity Online).
Because the passkeys are stored on devices, rather than third-party servers, “hackers gaining access to those servers wouldn’t find any passkeys to steal. They are also resistant to phishing since there’s no password to share,” writes The Wall Street Journal.
“Passkeys are heavily obfuscated by the operating system. This will deter most cybercriminals, because attackers wouldn’t get anything usable,” SecurityScorecard head of digital forensics and incident response Ondrej Krehel told WSJ. “Eventually, how we log on today will start to look foreign,” said FIDO Alliance executive director and chief marketing officer Andrew Shikiar.
“In recent months, FIDO has taken a series of important steps to bring the password’s demise closer to reality,” writes Wired, explaining that “in March, FIDO announced it has figured out a way to store the cryptographic keys that sync between people’s devices, calling them ‘multi-device FIDO credentials’ or ‘passkeys.’”
Microsoft has been offering customers passwordless accounts since September and Google also offered passwordless technology last year. “When all the tech companies have rolled out their version of passkeys, it should be possible for the system to work across different devices — in theory, you could use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a website in Microsoft’s Edge browser,” Wired writes, noting that FIDO has developed the protocol in collaboration “with inputs from hundreds of companies.”
U.S. Cybersecurity and Infrastructure Security Agency director Jen Easterly told Wired that adoption of the standards will keep more people safe online.
No Comments Yet
You can be the first to comment!
Sorry, comments for this entry are closed at this time.