Today, May 5th, is World Password Day. The event is meant to promote better security for online passwords. However, passwords have long been considered an outdated model of online account security. They are becoming increasingly unreliable due to phishing scams, poor password hygiene, and data breaches. Google and other tech giants therefore want to rely on passwordless authentication in the future. Over the next year, all major device platforms have committed to building in support for the new Fast Identity Online (FIDO) login standards.
FIDO Alliance wants to set new standards
“Unfortunately, passwords are still the standard on the Internet today. However, most users do not use these ideally. They often use the same passwords over and over again and fall for phishing scams. In addition, many apps do not have a large security team, which is why hackers can often steal data and sell it on the Internet. That’s why we want to introduce new security standards in the future,” says Andreas Türk, Group Product Manager at Google.
Google is part of the FIDO Alliance, an open standards organization founded in 2012 to solve password and phishing problems. The alliance also includes Microsoft, Apple, and Amazon. According to Google, the organization has now reached an important milestone. Over the next year, all major device platforms have committed to building in support for the FIDO passwordless login standards. Google wants to implement these standards in Android and Chrome. Apple and Microsoft have also announced that they will offer support in iOS, macOS, Safari, Windows, and Edge.
Authentication without a password
The new standards aim to make it easier to log in across all devices, websites, and applications, regardless of platform, without requiring a single password. When users log into a website or an app on their mobile phone, they only have to unlock the phone. Instead of a password, the phone stores a FIDO credential called a passkey, which is used to unlock the online account. The passkey is designed to make signing in much more secure, as it is based on public-key cryptography and is only shown to the online account when users unlock their phone.
It works similarly on the computer. Here users only need to have their mobile phone nearby and will be asked to unlock it for access. Once they have done that, they can log in simply by unlocking their computer. Even if users lose their phone, their passkeys will be synchronized from the cloud backup to the new smartphone.
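The signature check behind a passkey sign-in, as an added example that is not part of the original article and is not Google's or the FIDO Alliance's code: a simplified Node.js model of a WebAuthn-style assertion. The site names, function names and reduced message layout are assumptions made for illustration.

```javascript
// Added illustration (not from the article): simplified WebAuthn-style passkey sign-in.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Phone side: after the device is unlocked, sign the site's challenge. The browser,
// not the page, fills in the origin, so a look-alike site cannot claim another name.
function signAssertion(privateKey, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // Layout: rpIdHash (32 bytes) | flags (user present + verified) | signature counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = nodeCrypto.sign('sha256', signed, privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Site side: only the public key is stored, so a breach leaks no reusable secret.
function verifyAssertion(publicKey, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expected.challenge.toString('base64url')) return false; // replay
  if (clientData.origin !== expected.origin) return false;                             // phishing
  const data = assertion.authenticatorData;
  if (!data.subarray(0, 32).equals(sha256(expected.rpId))) return false; // wrong site id
  if ((data[32] & 0x04) === 0) return false;                             // device not unlocked
  const signed = Buffer.concat([data, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, assertion.signature);
}

function demoSignIn() {
  const rpId = 'example.com', origin = 'https://example.com'; // constructed site
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { challenge: nodeCrypto.randomBytes(32), origin, rpId };
  const good = signAssertion(privateKey, expected.challenge, origin, rpId);
  // A look-alike site relays the real challenge; modelled as a signature bound to its origin.
  const phished = signAssertion(privateKey, expected.challenge,
    'https://example-login.test', 'example-login.test');
  const nextLogin = { ...expected, challenge: nodeCrypto.randomBytes(32) };
  return {
    legitimate: verifyAssertion(publicKey, expected, good),
    phishingRelay: verifyAssertion(publicKey, expected, phished),
    replay: verifyAssertion(publicKey, nextLogin, good),
  };
}

console.log(demoSignIn());
```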
Google wants to make passwords more secure until the transition
But Google also acknowledges that passwords are still ubiquitous and the transition to other solutions will not happen overnight. That’s why the group wants to offer high security standards for passwords until then. These include Google Password Manager and 2-Step Verification. According to figures from Google, 40% of users still prefer weak but easy-to-remember passwords. Password managers aim to solve this problem by remembering and securing passwords for users.
Google warns users when a password is compromised. According to the group, 500 million people use the manager to check their passwords every week. Many change their access codes if they are no longer secure. The proportion of users with compromised passwords has fallen from around half to “only” 30% in recent years. “But we want the data of all our users to be safe. That’s why we want to get away from passwords and towards new solutions in the future,” says Andreas Türk.