With the aim of “making the web more secure and usable for everyone”, appleGoogle and Microsoft have committed to expand passwordless login support across all websites, applications and systems they control, implementing the technology over the next year. The announcement was made jointly by the technology giants this Thursday (5), where World Password Day is also remembered.
replacing the traditional password authentication, the new features will allow companies to offer an end-to-end passwordless option. They will be available on iOS, macOS, Safari, Android, Google Chrome, Windows, and Microsoft Edge, among other platforms.
Users will be able to log in using the same action performed multiple times a day to unlock their devices, using the device’s fingerprint, facial recognition or PIN. According to big techs, the new method is safer than the common passwords and the SMS authenticationincreasing protection against phishing attacks.
Passwordless login should be widely available by 2023.Source: Google/Disclosure
This passwordless authentication standard was developed by the FIDO Alliance and the World Wide Web Consortium (W3C) and is already supported in services controlled by Apple, Google and Microsoft, among other companies. However, you must log in separately, on each platform and device, in order to use the technique.
In a statement, Google detailed how the login without password, which in the coming months will be enabled on all its platforms. According to the search giant, you can set your cell phone as the main authentication device for websites, apps and other digital services.
Once the choice is made, the device will store a credential provided by FIDO, based on public key cryptography, with which you can unlock your account online. Using the defined default action — biometrics, PIN or drawing a pattern on the screen — will be enough to enter online services without having to enter the password.
The mechanism brings several advantages, ending the practice of using the same password on all websites, making it difficult for cybercriminals to act. Technology can also facilitate account recovery and does not require a new registration in case of loss of the phone, as the access keys are saved in a backup in the cloud.