A future without passwords took a step closer this month, as Apple became the latest member of the Fido Alliance.
Fido stands for Fast IDentity Online, and the alliance is a combined effort by numerous technology companies to explore a future where passwords are no longer needed, and are instead replaced by cryptography, biometrics and other authentication technologies.
- 5 password managers to help secure your data in 2020
- 12 best ways to secure your digital life
- What are physical security keys and how do they work?
We all know that passwords aren't the most reliable way of securing our devices and online accounts. People often use the same password multiple times over, or opt for passwords which are very easy to guess. '123456' and 'password' are often among the most-used, giving hackers an easy way into our online accounts.
The Fido Alliance wants to fix this, and Apple's joining as a board member makes clear that the iPhone maker feels the same way. Of course, the iPhone already offers Face ID (and Touch ID before that) as an alternative to entering a password, and the Apple Watch can be used to unlock a nearby MacBook.
These technologies still require a password as a failsafe, but they are at least a step in the right direction. Other members of the Fido Alliance include Amazon, Amex, Facebook, Google, Intel, Mastercard, Microsoft, PayPal, Qualcomm, Samsung and Visa.
Graphic from the Fido Alliance showing how its password-free technology worksFido Alliance
The Fido Alliance has created three sets of password-free authentication protocols. Here is how the alliance describes these protocols:
"The Fido protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user's client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge."
These private keys are locked to your device (your smartphone, for example) with biometric security like a fingerprint or facial scan, by entering a PIN, using a second-factor device (like a physical security key) or speaking into a microphone to confirm your identity.
Although the alliance already wasn't short of big names among its members, getting Apple onboard is a big deal. The company sells millions of iPhones, iPads and Macs every year, all of which require a password but could, with the use of biometrics, manage without. We hope Apple's joining the alliance means such technologies and security standards will become more widespread, and eventually be considered the normal way to log into devices, apps, and online services.
Apple Watch Series 5 (GPS + Cellular, 40mm) - Gold Aluminum Case with Pink Sport Band (Renewed)