In a rare collaboration, Apple, Microsoft, and Google aim to “kill” passwords

Apple, Microsoft, and Google have jointly committed to building support for passwordless logins on all mobile, desktop and browser platforms they control over the next year, to make personal information and the online environment more secure.

The three global technology giants, with a total market value of over 5.39 trillion US dollars, have in a rare move set aside their differences to cooperate, taking aim at the gatekeeper of human digital life: the password.

On May 5, World Password Day, Apple, Microsoft, and Google pledged to build support for passwordless logins across all mobile, desktop, and browser platforms they control over the next year, to make personal information and the Internet environment more secure.

This is a joint operation that should not be underestimated. Apple occupies 60% of the high-end smartphone market, the Android system developed by Google covers 70% of global users, and Microsoft is the unshakable overlord in the field of computer operating systems.

With the three giants joining forces to “kill” the password, is victory in sight?

A rare united front

Going without a password is more secure than having one, which sounds counter-intuitive. But for many people, the concept of passwordless login is not new.

When a user logs in on a PC to an app that is also on their phone, the phone receives a confirmation request, and the login on the computer is completed through authentication on the phone. Fingerprint unlocking and face-scan payment, which are common in daily life, can also be classified as passwordless technologies.

In fact, among users accustomed to automatic login and phone-verified login, probably not many still remember their passwords. In that case, is the password still necessary?

Apple, Microsoft, and Google had been working for years to build a passwordless world before the average user became aware of the problem.

At the recent Apple Worldwide Developers Conference (WWDC 2022), Apple announced a new technology called “Passkeys”. When a user needs to sign in to a website or application, the iPhone receives a request, the user authenticates directly on the iPhone with a fingerprint or Face ID, and is then logged in.

This process is not complicated, and has two advantages: one is that there is no need to remember a password, and the other is that the whole process can be completed on an iPhone. This means that the user's private information is not stored on, or leaked from, a third-party vendor's network servers, and security is greatly improved.

As Darin Adler, Apple’s vice president of network technology, said, Passkeys can’t be stolen because they never leave your device.

Before Apple's announcement, Microsoft and Google had already been working in the passwordless field for many years.

As early as 2017, Microsoft tried using Microsoft Authenticator to let users log in to Microsoft accounts without passwords. In 2018, Microsoft upgraded this feature and applied it to the Edge browser and Windows 10. According to Microsoft’s official data, as of May 2020, 150 million users were logging in without a password every month.

In 2021, Microsoft announced that from September 15 of that year, users could completely delete their Microsoft account passwords and instead use the Microsoft Authenticator app, Windows Hello, security keys, and other methods to authenticate and log in to the device.

Google announced in 2019 that in Android 7.0 and above, fingerprints or facial recognition can be invoked to log in to certain supported websites.

On the matter of “killing” the password, the Big Three reached a rare consensus. This time, iOS and Android, Windows and macOS are not fighting for market share but working toward interoperability.

Google, Microsoft, and Apple joined the FIDO Alliance in 2013, 2015 and 2020 respectively. The FIDO (Fast Identity Online) Alliance is a non-profit industry association established by PayPal, Lenovo and other companies in July 2012. Its membership has since expanded to more than 300, including well-known companies such as ARM, Apple, Samsung, Amazon, Alibaba, and Netflix, as well as standard-setting bodies and academic groups of various governments.

Their common enemy is the password, which has played an important role in the history of the Internet but has also brought great trouble and security risks.

The world has long suffered from passwords

From power-on passwords and email passwords to login passwords for various websites, passwords have penetrated almost every corner of life. Remembering a variety of complex passwords has become a major challenge that people have to face. A joint study by Oxford University and Mastercard found that a third of online purchases were abandoned because users forgot their passwords.

The password manager NordPass recommends that a secure password be at least 12 characters long, contain uppercase and lowercase letters, digits and special symbols, and be changed at least once every 90 days.

Meeting the above password security recommendations and not reusing passwords is undoubtedly a burden for ordinary users.

In fact, most people don’t care about password security.

According to Microsoft’s 2016 data, about 20% of Internet users were using duplicate passwords, and another 27% were using passwords nearly identical to those of their other accounts. In 2018, a significant portion of web users still preferred weak passwords over secure ones.

The list of the most commonly used passwords in 2021 released by NordPass shows that “123456” appeared more than 103 million times, and it takes less than a second to crack. According to FIDO’s official website, 80% of data breaches are caused by passwords, as many as 51% of passwords are reused, and the average labor cost to reset a password is $70.

On the one hand, most passwords are useless, and on the other hand, the security flaws of passwords themselves are far greater than people think.

According to a Reuters report, in June 2020, a public report released by Awake Security, a world-renowned network security group, pointed out that a serious vulnerability existed in Google’s browser Chrome, allowing the personal data of tens of millions of users to be stolen by hackers. According to statistics, malicious background programs had been downloaded at least 32 million times, which means that the passwords of 32 million users may have been stolen by hackers.

In September 2014, Apple’s iCloud was hacked, resulting in a leak of passwords and the distribution of private photos of around 200 celebrities online.

In 2018, the passwords of about 72 million T-Mobile carrier users were leaked due to vulnerabilities in Apple’s online store and the website of mobile insurance company Asurion.

Growing password security issues not only pose risks to individuals and businesses, but may even threaten national security. Attackers from the AntiSec group have attacked U.S. government military contractor Booz Allen Hamilton and released 90,000 U.S. military email addresses and passwords, including U.S. Central Command, Special Operations Command, Marine Corps, Air Force and Homeland Security account passwords.

The world has long suffered from passwords. In the face of endless password security incidents and hidden dangers, Apple, Microsoft, and Google urgently need to bring safer and more efficient passwordless technology to the foreground.

In 2022, technical advances from the FIDO Alliance accelerated this process.

On World Password Day, May 5, the three giants jointly announced expanded support for the common standard for passwordless login, which is expected to solve the pain point of cross-platform authentication within the next year.

The difference from the past is that this time FIDO has made two new breakthroughs in cross-platform operation. One is to allow users to automatically link FIDO login credentials on multiple devices, including new devices, without having to re-register each account; the other is to allow users to use FIDO authentication on a mobile device to log in to apps and websites on nearby devices, regardless of which operating system platform those devices run or which browser they use.

A month later, Apple was the first to deliver its answer, at WWDC. Passkeys not only supports cross-device authentication between Apple’s iPhone, iPad, Mac, and Apple TV, but also lets users use an iPhone to unlock non-Apple products within the FIDO Alliance.

But “killing” the password is not so easy.

“Killing” passwords is not easy

In the 1940s, in order to decipher German codes, the United Kingdom developed a large-scale electronic computing device, Colossus, which is the first programmable computer in human history. Computers were born from cracking codes, and subsequently gave birth to the Internet.

80 years later, the tech giants born of the Internet have to “kill” passwords to create a more convenient and secure passwordless world. This is an extremely difficult task.

Passwords, which are older than computers, have already penetrated every corner of life. “Killing” the password is not only a technology upgrade but also a lifestyle change, which is not easy. As Andrew Shikiar, executive director and CMO of the FIDO Alliance, said: “The first thing almost any user does is set a password, and what we need to do is break that habit.”

In 2020, the number of active Windows 10 users exceeded 1 billion for the first time. In May of that year, the number of monthly passwordless login users announced by Microsoft was 150 million, only about 15%. By then, nearly two years had passed since Microsoft began promoting passwordless login on Windows 10.

In addition to the difficulty of changing user habits in a short period of time, another high wall in front of the Big Three is that passwordless login first requires a smartphone.

According to Strategy Analytics, as of 2021, 3.95 billion people worldwide use smartphones, a penetration rate of about 50%. Also, not all smartphones can run passwordless technology. Apple’s upcoming Passkeys requires iOS 16, and the 2016 iPhone SE and phones older than the iPhone 7 cannot get the iOS 16 update.

This means that if passwordless login were rolled out globally, at least half of the people would now be unable to use it.

In addition, although the FIDO Alliance has made progress in cross-platform applications, cross-platform key transfer is still a major pain point. To put it simply, although Apple phones can unlock non-Apple products under the FIDO framework, when users switch to Android phones, the keys saved on the device also need to be transferred in bulk.

9to5Mac said that FIDO’s current solution does not yet allow bulk transfers of keys between different ecosystems. A user who wants to switch from an Android phone to an iPhone (or vice versa) will not be able to move all of their keys. By contrast, passwords are easier to transfer.

As Darin Adler, Apple’s vice president of network technology, described at WWDC, the transition away from passwords is a journey. This journey requires the participation not only of Apple, Google, and Microsoft, but also of companies and users around the world.
