In recent months, FIDO has taken a number of important steps to bring the death of the password closer to reality. In March, FIDO announced that it had figured out a way to store cryptographic keys that sync between people’s devices, calling them “multi-device FIDO credentials” or “access keys.”
This was followed in May by Apple, Microsoft and Google declaring their support for the FIDO standards. Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said the adoption of the standards would keep more people safe online. At the time, the three technology giants said they would start rolling out the technology “over the next year.” Microsoft account owners have been able to drop their passwords since September last year, and Google has been working on passwordless technology since 2008.
Once all the technology companies have rolled out their version of access keys, it should be possible for the system to work across different devices – in theory, you can use your iPhone to log in to a Windows laptop, or an Android tablet to log in to a site in the Microsoft Edge browser. “All of FIDO’s specifications have been developed in collaboration with input from hundreds of companies,” said Andrew Shikiar, CEO of FIDO Alliance. Shikiar confirms that Apple is the first company to start rolling out passkey-style technology, saying it shows “how tangible this approach will soon be to consumers around the world.”
Any success for a passwordless future depends on how it works in reality. Currently there are unanswered questions about what happens to your access keys if you want to drop Apple’s ecosystem for Android or another platform. (Apple has not yet responded to our request for comment.) And developers still need to implement changes to their apps and sites to work with passkeys. Plus, in order to gain confidence in any system, people need to be educated on how it works. “Any viable solution needs to be more secure, easier, and faster than the passwords and older multi-factor authentication methods used today,” said Alex Simons, head of Microsoft’s identity management efforts, in May. In short: If systems across devices are clumsy or cumbersome to use, people may skip them in favor of weak but practical passwords.
Although Apple’s passkey and the Google and Microsoft equivalents are still a few months away (at least), that does not mean you should continue to use your weak or repeated passwords. Every password you use – whether for a one-time account used to buy do-it-yourself items, or your Facebook account – must be strong and unique. Do not use common phrases, names of friends or pets, or personal information associated with you in your passwords.
Instead, your passwords should be long and strong. The best way to accomplish this is by using a password manager that can help you create and save better passwords. You can find our selection of the best password managers here. And while thinking about your security, enable multifactor authentication for as many accounts as possible.