National Password Day comes along once every year, and tech firms are celebrating this year by unveiling plans to get rid of the borderline medieval security measure altogether.
Passwords have long been the first line of defense when it comes to online security. So long, in fact, that the technology is slowly becoming less and less proficient at actually protecting its users. Attempts have been made to bolster their security in a world that can hack most passwords in only a few seconds.
Fortunately, tech firms like Apple, Google, and Microsoft are starting to get wise to the inevitable downfall of passwords, and have released plans to get rid of passwords, once and for all.
Big Tech's Plan to Ditch the Password
Rarely seen on the big tech landscape, the likes of Google, Apple, and Microsoft are joining forces to make security a bit more comprehensive for everyday users. Announced in press releases from Google, Apple, and Microsoft, the companies plan to enact plans that get rid of password use across the board. So how will you sign into your many, many accounts?
“When you sign into a website or app on your phone, you will simply unlock your phone — your account won’t need a password anymore,” read the Google press release.
Conversely, if you're signing into a website on your computer, “you'll need your phone nearby” to sign in, which shouldn't be too big of a leap for users that are glued to their devices 24 hours per day.
If you're thinking this process seems too simple, you're right. The technology would be as easy as logging on your phone, which will store a FIDO credential — dubbed a passkey. This will allow you to sign into accounts by simply unlocking your phone, which is obviously tied to your identity pretty firmly.
Why get rid of passwords now?
To be fair, Google, Apple, and Microsoft aren't necessarily spearheading this passwordless movement. In fact, the FIDO (fast identity online) Alliance — an open industry organization committed to improving online security by reducing the world's overreliance on passwords — brought the three tech firms together in a show of force for the future of online security.
“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance in a statement.
To be clear, these plans are very much in the early stages, and FIDO and big tech will both have to work hard to get websites and apps on board with this kind of innovation. Still, it's hard to argue that passwords feel more than outdated enough to warrant a simple replacement.
“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online,” said Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency.
Outdated is one thing, but are passwords actually that unsafe as far as online security is concerned? To put it delicately, yes absolutely.
What's wrong with passwords anyway?
You might assume, due to the prevalence of passwords, that they are largely considered a safe way to secure your personal data. In fact, when used correctly, passwords can seriously protect your information online from virtually any hacker that has you in their sights.
Unfortunately, virtually no one uses passwords correctly. 85% of users admit to using the same password on multiple sites. The most commonly used password in the world is “123456.” Even worse, no one wants to get better at password security, with the majority of users pushing back when forced to use different logins for their accounts.
Suffice it to say, passwords just aren't going to cut it when it comes to online security. Experts know that you need a lengthy password with a variety of characters and numbers to keep hackers at bay, but everyday users are simply never going to get on board with these kinds of security measures. Clearly, we need a new way and, luckily, big tech is working on a long-term solution.
In the meantime, if you really want to try to secure your information online, password managers are your best bet. They aren't perfect, but they will help you follow password best practice — like having unique passwords for every account and alerting you to compromised logins — without having to commit too much to memory.