SAN FRANCISCO: Apple, Google and Microsoft said Thursday (Friday in Manila) they are looking to get rid of passwords and replace them with a more secure way to access accounts or devices.
The US tech titans jointly announced support for a common standard that will let people sign in by unlocking their mobile phones, say, with fingerprint or face recognition.
“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives,” said Microsoft Vice President Alex Simons.
“By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords.”
Reliance on passwords alone is decried as a major security flaw on the internet, with people keeping them overly simple or using the same one repeatedly to make it easier to manage many accounts.
Adopting standards created by the FIDO Alliance and the World Wide Web Consortium will let websites and device makers build secure, passwordless options into their offerings, the groups said in a release.
Using secure keys instead of passwords would stymie phishing scams that trick people into disclosing log-in credentials and hackers who steal such data.
“Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords,” said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency.
Support for password-free log-ins will be woven into Android and Chrome software over the course of the coming year, said Sampath Srinivas, Google product manager and FIDO Alliance president.
Apple and Microsoft announced plans to do likewise with their software.
“This will simplify sign-ins across devices, websites and applications no matter the platform — without the need for a single password,” Srinivas said in a blog post.
“When you sign in to a website or app on your phone, you will simply unlock your phone.”
Mobile phones will store a FIDO credential referred to as a “passkey” that will be used to unlock online accounts, Srinivas explained.
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access,” Srinivas said.
Eliminating passwords was billed as more secure than two-factor authentication that involves getting one-time passcodes texted or emailed as secondary confirmation when logging into sites or services.