Why Tech companies have been trying to get rid of passwords for years ?

Passwords have long been the first line of defense when it comes to online security. National Password Day comes along once every year, and tech firms are celebrating this year by unveiling plans to get rid of the borderline medieval security measure altogether. As the technology is slowly becoming less and less proficient at actually protecting its users. Attempts have been made to bolster their security in a world that can hack most passwords in only a few seconds.

Security-related issues have existed since the birth of online accounts. Hacking and phishing are two common practices that even the most alert of us could potentially fall victim to. And that’s expected on the internet because most websites have no way to tell whether it’s actually you or someone else trying to log in.

As long as the email/username and the password match, you’re in. 2-factor authentication (2FA) is another solid security layer that makes it harder for others to barge into your accounts. However, it’s not foolproof either. Fortunately for all of us, passwords might soon become a thing of the past. Tech companies have been trying to get rid of passwords for years. Users often have too many passwords to keep track of, and alone they aren't very secure.

Microsoft, Apple, and Google announced plans to support a common passwordless sign-in standard (known as passkeys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance in its effort to build a set of passwordless login protocols. Marking World Password Day, Apple has joined the cause too.

All three tech giants have pledged to make logins simpler across all their devices and operating systems over the next year. Once implemented, these new Web Authentication (WebAuthn) credentials (aka FIDO credentials) will allow the three tech giants' users to log in to their accounts without using a password. Instead of using passwords, they will have the option to opt for verifying their identity using PINs or biometric authentication (fingerprint or face).

The new plan will let users with Microsoft, Android, or Apple devices use FIDO passkeys to log in to websites and apps across operating systems and browsers without passwords. For example, a user will be able to log into a site on Google Chrome running on Windows by simply unlocking their iPhone. Users will also be able to effortlessly transfer their FIDO credentials for all their logins to new devices.

This movement promises logins that are not only easier but also more secure than passwords. The FIDO Alliance says its passkeys, using public key cryptography, are almost impossible to phish and remain solely on users' devices. Maybe then we'll stop seeing "123456" as the most common password year after year.

Going forward, "To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.

S Mohini Ratna, Editor, VARINDIA