WE’VE BEEN PROMISED the end of password-based logins on the internet for a very long time, but now it seems that promise may finally be fulfilled.
The FIDO Alliance, an industry group aimed at standardizing authentication methods online, announced that its passwordless sign-on method has received support from the big browser builders: Apple, Microsoft, and Google. That means that later this year you will be able to sign in to your various web accounts across the internet without using a password in all the major browsers.
If you use a modern smartphone, you’ll recognize how this works. Instead of asking you to enter a password, websites will push a notification to your phone that prompts you to verify your identity. You just authenticate using the same method you normally use to unlock your phone. That could be entering a PIN, using your phone’s fingerprint sensor, or using its face unlock system. FIDO’s passkey system alternatively lets you use one of your other existing devices to authenticate by sending the unlock request to that device using Bluetooth. So as long as you have your phone, laptop, or iPad nearby, you can log in with this method anywhere.
Some apps and websites offer a biometric authentication option already, but in most cases, you must have an existing account (that you created with a password) in order to activate the biometric alternative. FIDO’s system would allow you to use the biometric option from the start, meaning you’ll never need to even come up with a password to create an account. It’s also important to note that this passkey system doesn’t replace two-factor authentication; it just replaces the password in a standard authentication flow.
The FIDO Alliance published a white paper in March outlining this concept, but the announcement that the big browser makers had pledged support came this week in celebration of World Password Day.
Actually killing the password entirely is a tricky, complicated prospect, given that they’ve been the de facto way of verifying your identity on the internet for decades, and many people will be loath to give up the comfortable and familiar method of logging in. Still, having the big browsers on board with this new method is a huge step. May we never have to type out nAsC4rr0xx420! ever again.
Click here to read the full article on Wired.