Apple, Google, and Microsoft revealed this week that they will soon enable a method of authentication that does away with passwords entirely and instead asks users simply to unlock their handsets. However, several experts warn that most websites may be years away from completely removing the need for passwords, even though the improvements are expected to help thwart many forms of phishing attacks.
Industry-led efforts aim to replace passwords, which are easily forgotten, regularly stolen by malware and phishing attempts, or disclosed and sold online after corporate data breaches.
For more than a decade, the FIDO (“Fast Identity Online”) Alliance and the World Wide Web Consortium (W3C) have been collaborating with hundreds of technology companies to create a new login standard that works the same way across all browsers and platforms. Apple, Google, and Microsoft are among the more active contributors to this effort. FIDO has also released a white paper on its approach.
What will replace passwords?
Users can log in to websites the same way they unlock their devices every day, using a device PIN or a biometric such as a fingerprint or face scan, says the FIDO Alliance. With this new method, sign-in will be much more secure and more resistant to phishing than with traditional multi-factor solutions like SMS one-time passcodes.
The goal is for a single passkey to replace several passwords. The passkey is based on public-key cryptography and is only shown to your online account when you unlock your phone, making signing in significantly more secure. To log in to a site from your computer, you merely need to have your phone close by and unlock it. After that, aside from unlocking your computer, this is all you'll ever need to log in.
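The public-key sign-in described above can be sketched in a few lines. This is an added example, not code from the article, the FIDO Alliance or any vendor; it is a simplified model rather than the real WebAuthn message format, and the function names and the `.example` origins are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Registration: the device creates a key pair for one site. The private key
// stays on the device; the site stores only the public key.
function registerPasskey(origin) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" }); // NIST P-256
  return {
    device: { origin, privateKey },      // held on the phone behind PIN or biometric
    serverRecord: { origin, publicKey }, // all the site keeps; a breach leaks no secret
  };
}

// Sign-in step 1: the site issues a fresh random challenge.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// Sign-in step 2: once unlocked, the device signs the challenge together with
// the origin the browser is actually connected to.
function signAssertion(device, challenge, browserOrigin, userUnlocked) {
  if (!userUnlocked) throw new Error("device locked: passkey not released");
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Sign-in step 3: the site checks the challenge, the origin and the signature.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== expectedChallenge) return "rejected: stale or replayed challenge";
  if (data.origin !== serverRecord.origin) return "rejected: signed for a different origin";
  const ok = nodeCrypto.verify("sha256", Buffer.from(assertion.clientData),
    serverRecord.publicKey, assertion.signature);
  return ok ? "accepted" : "rejected: bad signature";
}

function demo() {
  const { device, serverRecord } = registerPasskey("https://shop.example");
  const c1 = newChallenge();
  const genuine = verifyAssertion(serverRecord, c1,
    signAssertion(device, c1, "https://shop.example", true));
  // Constructed look-alike origin: the browser reports where it really is,
  // so a response produced on this page does not verify at the real site.
  const c2 = newChallenge();
  const lookalike = verifyAssertion(serverRecord, c2,
    signAssertion(device, c2, "https://shop-login.example", true));
  return { genuine, lookalike };
}
```

Unlike an SMS one-time passcode, nothing the user could type or read aloud is ever produced, so there is no reusable secret for a phishing page to collect.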