We could be looking forward to a future without passwords, and it might come sooner than anyone thought. Apple, Google and Microsoft announced plans Thursday to expand support for a move that would do away with passwords on websites and apps. The move could help protect against phishing attacks and, believe it or not, increase security for consumers.
The FIDO Alliance and an End to Password-Only Authentication
The tech giants have joined forces with FIDO, Fast Identity Online. FIDO’s mission is to create sign-in standards that don’t rely upon passwords. Instead, consumers would access their FIDO sign-in credentials using their iPhone and Touch ID or Face ID authentication. Similar authentication would be available for Android users, and even those on completely different platforms.
Apple senior director of platform product marketing Kurt Knight pointed out that the Cupertino-based company wants to help “offer better protection and eliminate the vulnerabilities of passwords” (via AppleInsider)
FIDO maintains that password authentication is one of the biggest security problems facing technology today. Passwords are reused frequently, so a breach in one website or service can affect many others. Being able to sign in using their mobile devices instead would help alleviate that.
Is the Current Plan for a Future Without Passwords Really More Secure?
It’s not really clear how the current depictions of FIDO’s security model would improve things, however. Yes, Touch ID and Face ID are superior to using passwords, but there’s a catch. Your iPhone also has a device PIN you can use when the biometric measures fail.
In fact, consumers need those PINs. After each reboot, you have to enter it to enable Touch ID or Face ID. There’s also a built-in timeout period (14 days) after which you have to enter your PIN to enable the biometrics.
Those passcodes are typically four to six digits long, much shorter and less complex than the average password. Sure, you can set a longer alphanumeric passcode for your device, but it takes an extra step. Most consumers don’t bother.
The approach does mesh with Apple’s passkey features introduced in iOS 15.4. With WWDC beginning in June, we could see more details of the security enhancements then.