Most of us agree passwords are a drag. At best, we’re indifferent to them even as we begrudgingly recognize their purpose.
The biggest tech companies share your frustration. Apple, Google and Microsoft, along with giant companies in other fields, are throwing their collective weight behind a password alternative called passkeys, which promise to be more secure than regular passwords and eliminate the associated hassles.
Passkeys are based on an emerging standard developed by the Fast IDentity Online (FIDO) Alliance, an industry group, and the World Wide Web Consortium. FIDO Alliance members include Amazon, American Express, Bank of America, Chase, CVS Health, eBay, Intel, Lenovo, Mastercard, Meta, PayPal, Samsung, Sony, Qualcomm, Verizon, Visa and Wells Fargo.
While passwords as we know them aren’t going to disappear anytime soon, the new passkey solution has already started showing up.
On May 3, Google began rolling out passkeys across all Google Accounts on all major platforms, meaning you now have the option to ditch passwords. Passkeys leverage biometric login methods you may already be taking advantage of, such as facial recognition, fingerprint scanning or even a personal identification number that you probably know better as a PIN code.
At its Worldwide Developers Conference in June 2022, Apple went all in on passkeys, which it made available to developers as part of its macOS Ventura and iOS 16 operating system software for Mac computers and iPhones. Apple’s future operating systems promise to replace passwords for good in the long term.
More changes are possible in 2023
Apple’s very public embrace of passkeys last year came about a month after Google heralded the solution at its own developer conference.
Google initially added passkey support for developers of Android and Chrome.
What’s the difference?
Passcode, a.k.a. personal identification number (PIN). A secret numeric code of at least four digits that a person uses to verify his or her identity
Password. A word or string of characters that an authorized user creates to log in to a computer system or service
Passphrase. A sentence-like set of words or characters, longer than a password but often easier to remember, that serves as a login to apps and websites
Passkey. A method of verifying an app or website user who is tied to both the app or site and the device trying to gain access. Both “keys” need to fit before a user is allowed in, but the process is done without entering a username or other proof of identification.
Microsoft is on board, too, and expects people to be able to use passkeys across all its platforms as well.
A year ago, the three normally fierce rivals issued a joint news release with FIDO. “The complete shift to a passwordless world will begin with consumers making it a natural part of their lives,” Alex Simons, a Microsoft corporate vice president for identity program management, said in the release. “Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today. By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords.”
“In the near future, you’ll be able to sign in to your Microsoft account with a passkey from an Apple or Google device,” Simons said in a separate blog post.
For now, people who want to remove the password from their Microsoft accounts can use the Microsoft Authenticator app to log in. It works in tandem with two-factor authentication, such as a mobile phone you’ve logged in to with your face, fingerprint or PIN.
The problems with existing passwords
We’re all too familiar with the problems passkeys aim to solve. Most people ignore the advice of security experts and use the same or similar passwords across the board when signing in to apps and websites. Indeed, 2 in 3 Americans report reusing passwords for different online accounts, according to an Ipsos poll of 4,000 U.S. adults.