The announcement came just before World Password Day, which is recognized annually on the first Thursday of May. It highlights the use of safe password habits, but some major tech companies say password-only authentication is of the biggest security problems on the web.
“Fundamentally, what we’re doing is letting you use your everyday device — the same thing that you do multiple times a day — to unlock your device now to log in, in a way that is just leaps and bounds more secure than anything that you’re doing today,” said Megan Shamas, a spokesperson for FIDO, the authentication company leading the charge.
Together, Apple, Google and Microsoft plan to follow a standard created by the FIDO Alliance and the World Wide Web Consortium. That means that websites and apps could offer an “end-to-end passwordless option,” according to a news release. Users would sign in with the same method they use multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.
Without passwords, users would no longer need to store their personal information on a distant server. Rather, their private data would be secured on their device. The approach protects against phishing and makes the sign-in process overall more secure, according to the release.
Microsoft estimates there are 921 password attacks per second. The average data breach costs a company more than $4 million. They’re becoming more common, too, spiking 68% from 2020 to 2021.
“Whatever you use to unlock your device, whether it be a face or a fingerprint, or pattern or pin, you can then use this to login across all of your devices, and that data stays private to you. And importantly … it takes the need for a password totally out of the equation,” Shamas said.
Many platforms already use passwordless sign-in methods, but the newly announced partnership will make it more common.
The change won’t be immediate but FIDO expects a much more password-free internet by 2023.