Going passwordless
This push for a common passwordless sign-in standard is in line with the FIDO Alliance as a way to protect against phishing attacks and malicious hacking methods. Phishing scams have seen a rise over the past few years, including a WhatsApp voicemail spoof stealing user credentials earlier this year. Hackers don’t just track individuals either, as they can breach websites to access all passwords stored. In fact, a recent study found nearly 50% of passwords are stored in shared office documents in select IT, security, and cybersecurity companies. With Passkeys, however, the unique credentials stay on the device, and can only be accessed by the user. This isn’t the first we’ve heard of passwordless sign-ins. Google announced it will also be joining the transition from password-only authentication with a simple phone unlock. Coming to Android and Chrome, your smartphone will store a FIDO credential called a passkey, which is used to unlock your online account. These passkeys work cross-platform, too. As Apple notes, “you can walk up to a non-Apple device and sign in to a website or app using just your iPhone.” With Apple, Google, and Microsoft on board, passwords may very well be extinct soon. Password manager LastPass is also now letting users log in to their LastPass vault without the need for a password via the LastPass Authenticator app. Passwords are clearly getting the boot, and we can see why as it only takes under 1 second for hackers to crack these passwords. We’re interested to see how Passkeys will integrate into how we access accounts, especially if they put a stop to phishing attacks once and for all.