san francisco A login method that three tech giants want to introduce next year is said to be more secure than two-factor authentication. Remembering your password should be history. However, users need a cell phone.
Apple, Google and Microsoft want to eliminate passwords and replace them with a more secure method of accessing accounts or devices. The three tech giants wanted to “collaborate across multiple platforms” to achieve “the complete shift to a passwordless world,” Microsoft Vice President Alex Simons said Thursday. Companies therefore want to rely on the security standards that have been developed by the Fido Alliance and the World Wide Web Consortium.
The Fido Alliance is an industry coalition that has been working on password replacement since 2013. According to Fido President Sampath Srinivas, Product Manager at Google, support for passwordless logins will be incorporated into his company’s Android and Chrome software over the next year. Apple and Microsoft have announced similar plans for their software.
Cellphones will store a Fido ID, called a “passkey,” when signing up for a new service, which will be used to unlock online accounts, Srinivas explained in a blog post. “When you log into a website or app on your phone, all you need to do is unlock your phone.” And to log into a website on your computer, “you just need your phone nearby and you’re just prompted to use it to access the unlock,” Srinivas further explained.
The Fido method is touted as more secure than so-called two-factor authentication, which involves sending one-time passwords via text message or email. With the Fido standard, the connection is tied to previously registered devices. If a user tries to log in to a service, it sends a request to the device and the user must confirm it using their preferred unlock method, such as fingerprint or PIN. The device then only sends the confirmation; sensitive information such as a password or fingerprint does not leave the device.