End of the password? Apple, Microsoft, Google changing logins forever | #android | #security | #education | #technology | #infosec

Apple, Microsoft and Google will soon offer users that have trouble remembering their passwords a futuristic alternative. The trio of tech giants revealed on May 5 – World Password Day – that they are working together to rollout passwordless sign-ins across all desktop, mobile and browser platforms that they control. And this new feature could be dropping sooner than you think, with Apple, Microsoft and Google committing to releasing the feature this year.

The pledge means the new passwordless tech will be coming to Android and iOS operating systems, along with the Google Chrome, Microsoft Edge and Safari browsers as well as Windows and macOS desktop devices in 2022.

In a statement Kurt Knight, senior director of platform product marketing at Apple, said: “Just as we design our products to be intuitive and capable, we also design them to be private and secure.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”

In a blog post Google explained how this passwordless future will work, with unlocking a phone – for instance – via a pin, a draw pattern or fingerprint unlock being enough to sign-in to online services without ever having the need for a password.

This will be done via a unique token called a passkey which is shared between phones and a website.

Explaining how this works, Google said: “When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore.

“Instead, your phone will store a FIDO credential called a passkey which is used to unlock your online account. The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone.

“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”

While Vasu Jakkal, Microsoft’s vice president for security, compliance, identity, and privacy, when speaking to The Verge added: “With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running.

“For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.”