We’re always harping on passwords. They’re the root cause of 81% of data breaches, but due to the dizzying number of online accounts people have, 65% of us still reuse them.
In a joint effort, tech giants Apple, Google, and Microsoft have announced that they are committed to building support for passwordless sign-in across all of the mobile, desktop, and browser platforms that they control in the coming year.
Effectively, this means that passwordless authentication will come to all major device platforms in the not too distant future: Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop environments.
Instead of using a password, you’ll sign in with your smartphone or another device, similar to 2-factor authentication. The method behind it is called “public key cryptography.”
How it works
Let’s say you decide to create an account with your favorite online retailer. When you register, a key pair is made: a public key shared with the retailer’s website, and a private key that stays on your phone.
Keys are just very long, connected numbers. For example, a private key could be 2 long prime numbers, and a public key would be what you’d get if you multiplied them.
But you won’t see these digits. You log in the same way you unlock your phone (e.g., entering a PIN or scanning your fingerprint). Your phone then proves to the website that it holds the right key.
Okay, but what if someone steals your phone?
No big deal. They’d still need to complete the challenge, meaning they’d need to know your PIN or have possession of your finger.
Meanwhile, your keys are backed up in the cloud, so you can store them on multiple devices in the event one is lost or damaged, or transfer them to new ones.
Other benefits:
FIDO protects against phishing attempts. You won’t even have to use a password during initial sign-up.
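The flow described above, as an added example in Node.js (not code from any vendor or from the FIDO specifications): registration, a challenge signed after the local unlock, and the website's check, which fails for a signature made on a look-alike site or replayed against a new challenge. The function names and origins are constructed for illustration, and it uses elliptic-curve signatures from Node's built-in crypto module rather than the prime-number keys sketched earlier.

```javascript
// Simplified model of a FIDO-style login; not the real WebAuthn message format.
const nodeCrypto = require("node:crypto");

// Registration: the device makes a key pair for one site. The website gets
// only the public key; the private key never leaves the device.
function registerCredential(origin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  return { device: { privateKey }, server: { origin, publicKey } };
}

// Website: a fresh random challenge for every login attempt.
const newChallenge = () => nodeCrypto.randomBytes(32);

// The signed bytes bind the challenge to the origin the browser is actually on.
function signedData(origin, challenge) {
  const originHash = nodeCrypto.createHash("sha256").update(origin).digest();
  return Buffer.concat([originHash, challenge]);
}

// Device: signs only after the local unlock (PIN or fingerprint) succeeds.
// Real authenticators also scope each key to its site; omitted here.
function signAssertion(device, seenOrigin, challenge, userUnlocked) {
  if (!userUnlocked) throw new Error("device locked: no signature released");
  return nodeCrypto.sign("sha256", signedData(seenOrigin, challenge), device.privateKey);
}

// Website: checks the signature against its own origin and its own challenge.
function verifyAssertion(server, issuedChallenge, signature) {
  return nodeCrypto.verify("sha256", signedData(server.origin, issuedChallenge), server.publicKey, signature);
}

function demo() {
  const site = "https://shop.example";            // constructed origin
  const lookalike = "https://shop-example.test";  // constructed look-alike
  const { device, server } = registerCredential(site);
  const challenge = newChallenge();
  const genuine = signAssertion(device, site, challenge, true);
  const viaLookalike = signAssertion(device, lookalike, challenge, true);
  return {
    genuine: verifyAssertion(server, challenge, genuine),
    signedOnLookalike: verifyAssertion(server, challenge, viaLookalike),
    replayedOnNewChallenge: verifyAssertion(server, newChallenge(), genuine),
  };
}

console.log(demo());
```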
However, there will still be hurdles. Not everyone has a smartphone or a device new enough to adopt passwordless logins.
And one survey found that while 85% of respondents wanted to use fewer passwords, 72% believed others would stick with passwords because they’re familiar.
Fun fact: A recent survey by digital safety platform Aura found 39% of US pet owners have used their pet’s name in a password — 48% of whom have also posted their pet’s name online. Just another reason to ditch passwords, and I’m looking forward to it.