In recent months, FIDO has taken a series of important steps to bring the password problem closer to reality. In March, FIDO announced they had found a way to store cryptographic keys sync between people’s devices, calling them “multi-device FIDO proofs” or “password keys.”
Next is Apple, Microsoft and Google in May declare their support for the FIDO standards. Jen Easterly, Director of the US Cybersecurity and Infrastructure Agency, says adopting these standards will keep more people safe online. At the time, the three tech giants said they would start rolling out the technology “within the next year.” Microsoft account owners can already removed their password since last Septemberand Google has been working with passwordless technology since 2008.
Once all the tech companies have implemented their version of the passcode lock, the system should be able to work on different devices — you could, in theory, use your iPhone to sign in to your device. Windows laptop or Android tablet to sign in to a website in Microsoft’s Edge Browser. “All FIDO specifications have been co-developed with the participation of hundreds of companies,” said Andrew Shikiar, chief executive officer of FIDO Alliance. Shikiar confirmed that Apple was the first company to begin implementing cryptographic technology, and said that it shows “how soon this approach will work for consumers around the world”.
Every success for a password-free future depends on How does it work in practice?. Current unanswered question about what happens to your Passkeys if you want to port Apple’s ecosystem to Android or another platform. (Apple has yet to respond to our request for comment.) And developers still need to make changes to their apps and websites to work with Passkey. Plus, to gain confidence in any system, people need to be educated on how it works. “Any possible solution should be safer, easier, and faster than passwords and the old multi-factor authentication methods used today,” said Alex Simons, head of the management effort. Microsoft’s identity manager, said in May. In a nutshell: If cross-device systems are hard to use or difficult to use, people can steer clear of them in favor of weak but convenient passwords.
While Apple and Google Passkeys and Microsoft equivalents are still a few months away (at least), that doesn’t mean you should continue using your weak or repetitive passwords. Any passwords you use — whether it’s your one-time DIY account or your Facebook account — must be strong and unique. Don’t use common phrases, the names of friends or pets, or personal information associated with you in your password.
Instead, your password should be long and strong. The best way to achieve this is to use a password manager, which can help you create and store better passwords. You can find our selection of The best password manager is here. And while you’re thinking about your security, enable multi-factor authentication for as many accounts as possible.
