Quote:In a joint effort, tech giants Apple, Google, and Microsoft announced Thursday morning that they have committed to building support for passwordless sign-in across all of the mobile, desktop, and browser platforms that they control in the coming year. Effectively, this means that passwordless authentication will come to all major device platforms in the not too distant future: Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop environments.
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, senior director of platform product marketing at Apple. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
A passwordless login process will let users choose their phones as the main authentication device for apps, websites, and other digital services, as Google detailed in a blog post published Thursday. Unlocking the phone with whatever is set as the default action — entering a PIN, drawing a pattern, or using fingerprint unlock — will then be enough to sign in to web services without the need to ever enter a password, made possible through the use of a unique cryptographic token called a passkey that is shared between the phone and the website.
By making logins contingent on a physical device, the idea is that users will simultaneously benefit from simplicity and security. Without a password, there will be no obligation to remember login details across services or compromise security by reusing the same password in multiple places. Equally, a passwordless system will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much harder to mount.
(The Verge)
![[Image: extraordinarywoo-sig.jpg]](https://i.postimg.cc/zf86M5L7/extraordinarywoo-sig.jpg)