By: Mark Sheldon Villanueva on June 30th, 2022
Microsoft, Apple, and Google Are Stepping Toward a Passwordless Future
No one likes using passwords. Ensuring they are safe takes a lot of work. You need to memorize long strings of alphanumeric code and then change them after a certain period of time. Otherwise, you could wind up with a weak or compromised password that allows an attacker to force their way into your network.
In fact, compromised credentials are the cause of a majority of malicious attacks, accounting for 61% of breaches. Microsoft even pointed out that they recorded a whopping 579 password attacks every second—that's 18 billion every year. As Bret Arsenault, Microsoft's Chief Information Security Officer (CISO), likes to say: "Hackers don't break in; they log in."
With that in mind, it may be time to give up on passwords altogether. That's what three of the world's largest tech companies have in mind. For years, Microsoft, Apple, and Google have been promising a shift away from traditional login procedures toward a passwordless future. And, it seems like 2022 is the year that finally happens.
On May 5, 2022, the three tech companies announced a joint commitment to increase support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium (W3C). The announcement brought renewed energy to the push to ditch passwords, as it will give users on all major platforms a unified, secure way to log in to their accounts.
At ITS, we're committed to helping businesses find the best ways to secure their technology. From our experience, going passwordless might make the most sense in the long run. That's because no matter how robust your cybersecurity measures are, a weak password can always undermine your efforts.
In this article, we'll take a look at what a passwordless future will look like.
What a Passwordless Future Will Look Like
The process of signing in without passwords is definitely nothing new. You might even already be using something similar, like when you use your face, fingerprint, or device PIN to unlock your smartphone. The only difference is that many of these systems usually require you to first create an account with a password. The future, however, will be completely passwordless.
That's because Microsoft, Apple, Google, and the FIDO Alliance have banded together in a historic collaboration to take a step away from passwords and expand support for passkeys. Those are multi-device FIDO credentials that offer users a platform-native way to safely and quickly sign in to any of their devices using their biometric data or device PINs. The feature will be available across all Microsoft, Apple, and Google platforms as early as next year.
Having the support of operating system (OS) makers and major platforms will make it easier for users to do away with passwords. It will effectively turn your smartphone into a "roaming authenticator" for all the accounts you sign in to.
The shift can virtually eliminate phishing attacks and stolen passwords. That's because you can't steal something that doesn't exist in the first place.
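The phishing resistance described above comes from how a passkey sign-in is checked. The following is an added example, not code from the original article or from the FIDO Alliance: a simplified Node.js model in which the device keeps a private key per site and signs a fresh challenge together with the site origin. The class names and the `example.com`/`example.net` origins are assumptions made for illustration, and real WebAuthn carries more fields than shown here.

```javascript
// Added example: simplified model of a passkey sign-in (not a full WebAuthn implementation).
const nodeCrypto = require("node:crypto");

// What gets signed: the origin the browser reports, plus the server's challenge.
const payload = (origin, challenge) => Buffer.concat([Buffer.from(origin), challenge]);

// The user's device: one private key per site origin; keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half is sent to the site
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no passkey for this origin: nothing to hand over
    return nodeCrypto.sign("sha256", payload(origin, challenge), key);
  }
}

// The website: stores a public key and issues single-use random challenges.
class RelyingParty {
  constructor(origin, publicKey) {
    this.origin = origin; this.publicKey = publicKey; this.pending = new Set();
  }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32);
    this.pending.add(c.toString("hex"));
    return c;
  }
  verify(challenge, signature) {
    if (!signature || !this.pending.delete(challenge.toString("hex"))) return false;
    return nodeCrypto.verify("sha256", payload(this.origin, challenge), this.publicKey, signature);
  }
}

function demo() {
  const REAL = "https://login.example.com", FAKE = "https://login.example.net"; // constructed
  const device = new Authenticator();
  const site = new RelyingParty(REAL, device.register(REAL));
  const c1 = site.newChallenge(), sig1 = device.sign(REAL, c1);
  const genuine = site.verify(c1, sig1);
  const replayed = site.verify(c1, sig1); // challenge already consumed
  const c2 = site.newChallenge(); // relayed through a look-alike page
  const phished = site.verify(c2, device.sign(FAKE, c2)); // device has no key for FAKE
  device.register(FAKE); // even with a passkey for the other origin...
  const c3 = site.newChallenge();
  const crossSite = site.verify(c3, device.sign(FAKE, c3)); // ...wrong key, wrong origin
  return { genuine, replayed, phished, crossSite };
}
console.log(demo());
```

The site never holds a reusable secret: it stores a public key, and each signature is valid only for one challenge and one origin.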
Roadblocks to a Passwordless Future
The success of any passwordless sign-in system will hinge on how much easier it is to use than passwords. That's because convenience trumps all when it comes to forming lasting habits in users. If passkeys are clunky or difficult to use, then they're likely to fail. People would sooner opt for weak, yet convenient passwords.
Another roadblock is trust. Passwordless systems need to earn it from their users if they want a chance at succeeding. People need to know how it works, how secure it is, what safeguards there are, etc. Otherwise, what's the point of going passwordless in the first place if users feel safer with passwords?
In short, a passwordless future is only possible if the solution available is safer, easier, and faster than the one it is replacing.
What to Do While Waiting for the Passwordless Future
You don't need to wait for passwordless systems to roll out before you reinforce your identity security measures. Take a look at some of the steps you can take today to bolster your account security:
Create Stronger Passwords
Ensure everyone on your team is using strong passwords. Those should be a combination of numbers, letters, and special symbols in no particular order. Add in some upper and lowercase letters for good measure.
Change Passwords Regularly
Changing your password regularly will give attackers a limited window where they can leverage stolen passwords. That's easier said than done, however. Implementing it across your organization will be a challenge, as keeping tabs on everyone's credentials is a full-time job. If it proves too difficult, contact your IT services provider to find out how they can help you automate this process.
Use Multi-Factor Authentication
Multi-Factor Authentication (MFA) is an authentication method where you are only granted access to a website or application after successfully presenting two or more pieces of evidence to an authentication system. While it's not 100% effective, it's one of the most impactful ways an organization can improve its security posture.
Use A Password Manager
A password manager is a tool that generates and retrieves complex passwords and stores them in an encrypted database. That allows you to log in to apps and online services automatically without worrying about different passwords across your accounts. Some examples of password managers are LastPass and 1Password.
Are You Ready to Go Passwordless?
Passwordless might be the direction we are all headed in the future. It's one where weak passwords, phishing, and stealing credentials would be a thing of the past. However, there are still roadblocks ahead, the technology is still being developed, and it still has to overcome the test of trust and convenience. Meanwhile, cyber-attacks continue to happen, and criminals still do it by stealing credentials.
Thankfully, you don't need to wait for passkeys to roll out to bolster your account security. Taking steps like creating strong passwords, changing them regularly, using a password manager, and implementing MFA can help right now as you wait for a passwordless future.
At ITS, we help businesses protect their data from all kinds of cyber threats. To learn more about how you can prevent attacks that leverage your stolen credentials, check out our article for password management tips.