Online Safety
Tech-Allianz is expanding secure login procedures without a password
Many passwords are insecure. So-called two-factor methods are safer. The usability of the additional security level is now to be improved.
The world’s leading tech companies Apple, Google and Microsoft want to facilitate secure login procedures in the future that do not require a password when logging in.
The companies announced this in a joint statement on Thursday. The new features are intended to enable websites and applications to offer consumers secure and easy logins without a password on all devices and platforms. The standard was developed by the Fido Alliance and the World Wide Web Consortium. The Fido Alliance not only includes hundreds of technology companies and service providers, but also authorities such as the Federal Office for Information Security (BSI).
With the innovations, the industry wants to ensure that in future sensitive data will increasingly no longer be protected by a password alone. Experts have been pointing out for years that even complex passwords that consist of several letters, numbers and special characters and are changed regularly are insecure. They recommend using login methods that also require a security stick or the code from an authentication app. The latest variant of the Fido standard even works without a password that you have to remember.
The current announcement adds two new functions to the standard: On the one hand, users can automatically access the access data on multiple devices and also on new devices – without having to register again for each account. They can also use authentication on their mobile device to log in to an app or website on any of their nearby devices – regardless of the operating system or browser used.
The current technical implementation has so far required that users have to log in separately on each website or app with each device before they can use the passwordless functionality. This is now simplified. The new features are expected to be available on Apple, Google and Microsoft platforms over the next year.
“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, senior director of product management at Google. “The full shift to a passwordless world will begin with consumers making it a natural part of their lives,” said Alex Simons, corporate vice president, identity program management at Microsoft. Any viable solution must be more secure, simpler and faster than the passwords and traditional multi-factor authentication methods used today.