Microsoft, Google, and Apple Are Killing Passwords to Improve Data Security and Ease Login Processes
Key Points:
- Apple, Microsoft, and Google want you to go passwordless and use facial recognition, passcodes, or fingerprint IDs to confirm your identity.
- The announcement to shift to password-less technology could mean the death of passwords, which have proven unreliable in securing data.
- For many years, the three tech giants have independently tried to implement passwordless technology but failed because not everyone embraced the approach.
- The three companies joined forces to create the passwordless technology and made it available to their customers and anyone who wanted to use it.
- While facing some challenges, the three companies are committed to moving billions of devices away from passwords entirely to a password-free standard tech they’re working for.
Microsoft, Google, and Apple want you to move towards a passwordless future. For over a decade, the companies have been working towards a no-password world independently, to no success.
The three tech giants are joining forces for the first time to create a new generation of passwordless authentication methods. The companies support the password-free standard that FIDO Alliance and the World Wide Web Consortium are developing.
In an age where data breaches are becoming increasingly common, it’s clear that passwords aren’t enough to protect our information. Hackers can steal, phish, or obtain passwords. The three companies believe that moving to passwordless technology will solve the security problems of passwords. With the passwordless approach, you’ll sign in to sites and services without remembering a single password.
How A Passwordless Future Will Look Like
Google, Apple, and Microsoft are working toward security approaches that will let people verify their identity using a combination of:
- Biometrics
- Security keys
- Facial recognition
- One-time codes
The three tech giants have been working on an initiative to eliminate passwords as a weak link to websites, applications, and accounts. The companies have been working on their own and siloed within their environment.
After trying the passwordless approach independently, the three tech giants joined forces to develop the technology jointly and make it available not only in their companies but to anybody that wants to use the underlying technology to eliminate passwords.
The approach aims to make it harder for hackers to access people’s data and make logging into accounts much more convenient. While there are still some challenges to overcome, it’s exciting to see the tech giants working together to create a more secure future for everyone.
The Challenge of Implementing Passwordless Authentication
While there is no question that passwordless authentication will take over the future of authentication, there are challenges to implementing the technology. The challenges include:
1. Deployment Challenges — Not All Businesses Are Ready to Go Passwordless
Passwordless technology might require employees to link their business accounts with their phones. However, not all businesses are ready to take that move.
For example, in California, if you want your employees to use their phones for any business purpose, your business must reimburse them. Employees’ phone is not something you gave them, but an item they bought themselves.
Many big companies shy away from forcing employees to use their phones or anything because it’s an expensive proposition. In such cases, businesses will be forced to stick to the old way of using user ID and password and potentially multifactor authentication.
2. The Weak Link of the Passwordless Technology — It Isn’t a 100% Foolproof
Like any other solution, there isn’t a 100% foolproof approach. While passwordless authentication eliminates issues that come with compromised credentials, the technology cannot protect against all existing cybersecurity risks.
If a person holds a gun to your head, has your phone, and forces you to log into your account, they might be able to get into your accounts.
Another weakness is that if someone comes to your workstation and you’ve left your workstation open, they might go ahead and put in your username. If the username is your email, and the authentication mode is email, they’ll get the code if your email is open and get into your account. However, you can prevent the above scenario by selecting the alternative way to log in.
Even with a passwordless approach, your company will steal be exposed to other forms of cyber attacks such as:
- Malware attacks
- Duplication of biometric feature
- Account takeover if users lose their devices
3. Users’ Acceptance of the Passwordless Technology
The beginning of the implementation of passwordless authentication is a complex task. Users must learn new technologies, apply new authentication factors in each login, and set up new devices.
People who are used to password authentication can see passwordless authentication as an inconvenience at first.
Passwordless vs. Layered Security
It would be best if you didn’t confuse multifactor authentication with passwordless technology. Multifactor authentication requires you to put in your user ID and password and then prompts you to enter a code sent via text or email. Otherwise, you won’t get in.
Multifactor authentication aims to prevent attackers from guessing or stealing passwords to access your account to spy or steal credentials from you.
The passwordless concept is out there to some extent. Some people have built call-you version one. The idea is that you go to a site and put in your user ID; based on that, the system will text you or use an app to get a code to enter or press a button to get you into your account.
Password Elimination Will Improve Your Security Posture
The passwordless system will eliminate the need to remember a password. You’ll only need to put in your user ID — that might be email — and then you’ll have to log in after authentication with your phone.
However, the core benefit of passwordless technology is that it’ll reduce the surge in cybercrime and identity-related losses. Eliminating passwords will eliminate threats such as phishing and the need for your company to reset and monitor passwords.
Alvarez Technology Group Will Help Your Business Implement Cybersecurity Solutions
Our experts at Alvarez Technology Group can help you predict and protect against cyber attacks. For over 20 years, we’ve been empowering companies so they can worry less about their data security and instead focus on business success. Contact us today to help you get prepared for any security issues that might arise.
