Apple, Google, and Microsoft combine efforts toward passwordless logins

Daniel Sims

Posts: 517   +20
Staff
In context: Tech companies have been trying to get rid of passwords for years. Users often have too many passwords to keep track of, and alone they aren't very secure. This week, Apple, Google, and Microsoft have announced plans to strengthen their cooperation towards easy, passwordless logins between their platforms.

Google and Microsoft already support the FIDO Alliance in its effort to build a set of passwordless login protocols. Marking World Password Day, Apple has joined the cause too. All three tech giants have pledged to make logins simpler across all their devices and operating systems over the next year.

In 2019, Microsoft started using FIDO certification to expand the number of sites and services that used Windows Hello to sign in with PINs, fingerprints, and facial recognition. However, this only works for Windows. That same year, Google introduced the ability to use Android phones as physical two-factor authentication devices using FIDO.

The new plan will let users with Microsoft, Android, or Apple devices use FIDO passkeys to log in to websites and apps across operating systems and browsers without passwords. For example, a user will be able to log into a site on Google Chrome running on Windows by simply unlocking their iPhone. Users will also be able to effortlessly transfer their FIDO credentials for all their logins to new devices.

This movement promises logins that are not only easier but also more secure than passwords. The FIDO Alliance says its passkeys, using public key cryptography, are almost impossible to phish and remain solely on users' devices. Maybe then we'll stop seeing "123456" as the most common password year after year.

Permalink to story.

 

MakeMSGreatAgain

Posts: 26   +25
I'm not entirely convinced they will be keeping this biometric data solely on the users device. This data will get to their servers (Apple, Microsoft, etc.) and eventually out to the internet. If this is optional and not forced, fine... up to the user, but if it is forced, then no thanks. Bad idea... If your password gets stolen, you change it. Don't be stupid and use the same one across multiple accounts, if you do then you pay for it and have to change it on all those accounts and risk forgetting/missing some. If your biometric data gets compromised, you can't change that, you're screwed.
 

Theinsanegamer

Posts: 3,422   +5,734
I'm not entirely convinced they will be keeping this biometric data solely on the users device. This data will get to their servers (Apple, Microsoft, etc.) and eventually out to the internet. If this is optional and not forced, fine... up to the user, but if it is forced, then no thanks. Bad idea... If your password gets stolen, you change it. Don't be stupid and use the same one across multiple accounts, if you do then you pay for it and have to change it on all those accounts and risk forgetting/missing some. If your biometric data gets compromised, you can't change that, you're screwed.
You will give up your biometric identity and you'll like it!
 

TheBigFatClown

Posts: 1,019   +431
I'm not entirely convinced they will be keeping this biometric data solely on the users device. This data will get to their servers (Apple, Microsoft, etc.) and eventually out to the internet. If this is optional and not forced, fine... up to the user, but if it is forced, then no thanks. Bad idea... If your password gets stolen, you change it. Don't be stupid and use the same one across multiple accounts, if you do then you pay for it and have to change it on all those accounts and risk forgetting/missing some. If your biometric data gets compromised, you can't change that, you're screwed.

This technology is a communistic dictator's wet dream. I have hundreds of passwords across hundreds of sites and I have no intention of giving them up in lieu of signing in with something Microsoft, Apple and Google have collaborated on.
 

gamerk2

Posts: 707   +685
This technology is a communistic dictator's wet dream. I have hundreds of passwords across hundreds of sites and I have no intention of giving them up in lieu of signing in with something Microsoft, Apple and Google have collaborated on.

The problem is password reuse. If any one site gets breached, you have a users user/password/email combo. If they reused passwords (which many people do) you now have their email account. Now all you need to do is go to websites of importance (banks, paypal, etc.) and start spamming the "forgot my password" prompt.

The problem with the current system is you are only as secure as the weakest protected website.
 

emmzo

Posts: 634   +834
The problem is password reuse. If any one site gets breached, you have a users user/password/email combo. If they reused passwords (which many people do) you now have their email account. Now all you need to do is go to websites of importance (banks, paypal, etc.) and start spamming the "forgot my password" prompt.

The problem with the current system is you are only as secure as the weakest protected website.
It only means people are dumb and lazy and corporations want to prey on their stupidity to have access to their accounts. If you can't even write a txt.doc with all your passwords and to make them different for every site, then maybe you deserve it.
 

Aranarth

Posts: 124   +121
I'm not entirely convinced they will be keeping this biometric data solely on the users device. This data will get to their servers (Apple, Microsoft, etc.) and eventually out to the internet. If this is optional and not forced, fine... up to the user, but if it is forced, then no thanks. Bad idea... If your password gets stolen, you change it. Don't be stupid and use the same one across multiple accounts, if you do then you pay for it and have to change it on all those accounts and risk forgetting/missing some. If your biometric data gets compromised, you can't change that, you're screwed.

Yeah... that's not how it works..

You are using biometirc data to unlock the keys on your device same as many people do right now to unlock the phone etc. There is no direct correlation between your biometric data and the keys on your device.

This is kind of like using last pass or Microsoft Authenticator on your phone that is locked by your fingerprint. Your fingerprint is not the password, your finger print unlocks the software that is generating the key, that then signs you in to a secure website using the FIDO standard.

This is what the article is talking about!


 

Gastec

Posts: 242   +119
"For example, a user will be able to log into a site on Google Chrome running on Windows by simply unlocking their iPhone". So now I have to buy an iPhone to log on TechSpot to post a comment about the bs that Corporate Commander tries to shove down my throat?
 

hahahanoobs

Posts: 4,526   +2,494
I hate it. It's worse than spyware.
Everything spies on you.
Your phone constantly pings towers, app devs sell your data to third parties that can be obtained by government and law enforcement agencies without warrant or notification, your car spies on you, your tv, your map app, your browser, your vpn....
 

Gastec

Posts: 242   +119
Yeah... that's not how it works..

You are using biometirc data to unlock the keys on your device same as many people do right now to unlock the phone etc. There is no direct correlation between your biometric data and the keys on your device.
You will give up your biometric identity and you'll like it!
Not only that, you will also pay for it and feel excited for doing it!
 

Aranarth

Posts: 124   +121
"For example, a user will be able to log into a site on Google Chrome running on Windows by simply unlocking their iPhone". So now I have to buy an iPhone to log on TechSpot to post a comment about the bs that Corporate Commander tries to shove down my throat?
This is an OPEN STANDARD, works on all kinds phones, iOS, Android, and yes also windows and mac if they have a fingerprint reader.


OIC!!!

So those of you complaining didn't read the article, or couldn't understand it and this is just a knee-jerk reaction.

Gotcha!
 
Last edited:

hahahanoobs

Posts: 4,526   +2,494
OIC!!!

So those of you complaining didn't read the article, or couldn't understand it and this is just a knee-jerk reaction.

Gotcha!
That, and conspiracies get the reactions they want. It's a circle that can't be broken. They hate something until enough people give it the okay to like it.
 

gamerk2

Posts: 707   +685
It only means people are dumb and lazy and corporations want to prey on their stupidity to have access to their accounts. If you can't even write a txt.doc with all your passwords and to make them different for every site, then maybe you deserve it.
Because an unencrypted text document is so much safer.

Passwords are stupid, and always have been.
 

MakeMSGreatAgain

Posts: 26   +25
Yeah... that's not how it works..
Yeah, I KNOW that. I'm basically saying that it is only a matter of time before they start to store our biometric data on their servers in the "cloud", claiming it's needed for some service or feature to work. Even still, there is always the possibility the biometric data on YOUR device could be compromised. Nothing is truly safe these days once your info is in the matrix.
 
What's stupid is how many sites require passwords and logins at all for things that shouldn't. That's why so many of us reuse passwords, because there shouldn't even BE passwords to... what... browse prices at a simple shopping site, say, or view public fb or insta postings.
 

Aranarth

Posts: 124   +121
What's stupid is how many sites require passwords and logins at all for things that shouldn't. That's why so many of us reuse passwords, because there shouldn't even BE passwords to... what... browse prices at a simple shopping site, say, or view public fb or insta postings.
I agree
 

bviktor

Posts: 906   +1,321
"For example, a user will be able to log into a site on Google Chrome running on Windows by simply unlocking their iPhone". So now I have to buy an iPhone to log on TechSpot to post a comment about the bs that Corporate Commander tries to shove down my throat?
Oh yes because you totally don't have a phone.

No, not just iPhones will work, on Windows, in Chrome. It was an example. To show how the tech from the 3 companies (MS, Apple, Google) work together seamlessly. The very sentence started with "FOR EXAMPLE". Do you know what these words mean?
 

bviktor

Posts: 906   +1,321
I mean the idea is great, the implementation, not so much.

I already have passwordless enabled for my MS account, but to this day, Edge on the Xbox wants me to set up some kind of "code", basically an app password. Which kinda defeats the whole purpose.