For those of you who don’t know, last week Thursday, 5 May, was World Password Day. Why do passwords need a day? If you have to ask, then you’re part of the problem.
The day was marked in 2013 by Intel Security as the first Thursday of May every year. The intention was to create awareness of and advocate for good cybersecurity and password habits. This is… sadly lacking, especially among people who think that ‘Password1’ is a good password.
To celebrate the occasion this year, Microsoft, Apple, and Google – the overlords of your personal info – announced plans to offer greater support for a FIDO (Fast IDentity Online) Alliance and World Wide Web Consortium (W3C) sign-in standard. The standard uses a passkey instead of a password for a faster, safer, and easier way to sign in to your accounts.
Password vs passkey: what’s the difference?
The difference between a password and a passkey is that you don’t need to remember a passkey. It’s a long string of hexadecimal characters that uses public-key cryptography and is securely stored on your device.
When you need to authenticate using your passkey, you’ll use your smartphone or similar device and authenticate yourself as you normally would with face unlock, a fingerprint, or your device code. Your device then securely communicates your passkey to the service you’re trying to sign into. If you lose your phone and your passkeys, you’ll be able to securely sync them with your new phone from cloud backups.
Despite what you might think, passwords aren’t very secure. Especially if you use the same one for more than one login. Password managers and two-factor Authentication do offer slightly increased security but they still all rely on a password.
The fact that Google, Apple and Microsoft are collaborating on this could finally mean a single way to handle your sign-ins across all platforms, no matter your device choice. But as grand as their collective vision of a passwordless future is, it’ll still be some time before we’re able to move away from passwords completely. In the meantime, free password managers and 2FA remain an option for those that value their online security.
Source: FIDO Alliance