Microsoft, Google, and Apple: Three of the biggest names in tech right now, and three fierce competitors. Each has their own unique approach to the world of innovative technology, each trying to deliver the best computers, tablets, mobile devices, and online services that money can buy. As such, there’s not much overlap between the three and their individual visions of the future of technology. That’s why it’s so surprising that Microsoft, Google, and Apple are all three moving together toward a future without passwords. What will this mean for the way we log into our devices, and, perhaps more importantly, for the security of our technology going forward?
How Does Eliminating Passwords Equal More Security?
At first glance, the idea of eradicating passwords sounds ludicrous. How would we unlock our phones? How would we get into our social media accounts? How would our computers protect our personal info? The thought of getting rid of password protection goes so far beyond this, too: What about big companies responsible for safely and securely and privately storing our data? Or the world’s banks tasked with protecting the world’s financial info? How could a future without passwords somehow be safer? It all comes down to some tricky wording.
You see, getting rid of passwords doesn’t mean getting rid of protection — It actually means increasing that protection and making it more impenetrable than ever before. That’s because the movement is less about getting rid of protection and more about improving it to make it safer. This includes everything from a shift to passphrases instead of passwords, implementing two-factor or multi-factor authentication that requires additional info in order to allow users to log in, and moving toward physical security keys instead of passwords.
Why WebAuthn Has Been Pushing For a Passwordless Future for Years Now
While Bill Gates alluded to a passwordless future all the way back in 2004, Microsoft isn’t the one that started leading the charge as of late: WebAuthn is actually to thank for this. Formally known as Web Authentication API, WebAuthn relies on asymmetric cryptography instead of passwords to grant users access to their device or profile. Your device transmits a digital “signature” unique to you, and then WebAuthn verifies your identity — all without ever having to enter a password of any kind. Many tech companies currently use WebAuthn as a second factor, used in conjunction with a password for an added layer of super security, but it seems that the hope is for it to become much more than just an added measure sooner rather than later.
Thanks in part to WebAuthn’s innovation on this front, experts predict over 60% of the world’s largest and most elite companies and 90% of the world’s midsize businesses will have gone passwordless by 2022. That’s less than a year from now, which means that there’s about to be a lot of change happening in the very near future. It explains why Apple is now joining Google and Microsoft in pushing for passwordless devices across the board.
Apple’s Latest Update Brings Them Up to Speed With Google and Microsoft
While Google and Microsoft have already taken steps to become less reliant on passwords with their devices, Apple’s iOS 15 and macOS Monterey are expected to bring the company’s ever-popular phones and computers up to the competition’s level by embracing WebAuthn standards. It’s called Passkeys, and it’s going to remove the need to ever create a password to log into an app or a website.
Explaining the feature further in their latest presentation back in June, Apple engineers said that the new feature only requires a username, then can save your Face ID or Touch ID as a Passkey instead of typing in a password. This is similar to the Keychain feature that allowed users to manage their passwords with a passcode, Face ID, or Touch ID, but it takes it a step further by eliminating the password altogether and relying solely on that Face ID or Touch ID. This is comparable to Microsoft’s Authenticator app and Google’s FIDO2 (or Fast Identity Online).
What’s Next for Passwords?
Even with all this movement toward a passwordless future, it’s hard for some to imagine a future completely devoid of all passwords. The problems with passwords are almost universally known at this point: They’re easy to crack, they’re easy to lose, they’re easy to reuse, and they’re easy to steal. However, they’ve been the standard for decades now — comprehending a future without them is hard, and it’s no doubt going to create some resistance from users who just aren’t willing to embrace.
Still, when has user reluctance ever stopped a company from innovating? With such a united front at this point, it’s improbable that companies would suddenly turn away from the direction of a password-free future just because some are unwilling to go with the flow. Passwords are being phased out by tech companies whether us users are ready for it or not. It’s not going to happen overnight, but in just a few years’ time, it wouldn’t be outlandish to look back on this time in technology’s history and remember being on the brink of a passwordless existence. Think of it this way: If it results in fewer attacks, less stolen information, and increased security across the board, then it’s a change that is no doubt for the best.