06 MAY 2022 - Thursday 05 May was World Password Day, and it saw Apple, Google, and Microsoft pledging to kill the password. 

Makes me kind of worry about Mother’s Day.

According to a press release on Apple’s site:

In a joint effort to make the web more secure and usable for all, Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.

What, you may wonder, is FIDO? Short for Fast IDentity Online, the FIDO Alliance was formed just under ten-years ago “to address the lack of interoperability among strong authentication technologies,” and make the username/password thing easier on users. 

Of course, the easiest thing is to reuse the same password form multiple sites and accounts. The release says that is a security nightmare, since it “can lead to costly account takeovers, data breaches, and even stolen identities.” Instead of passowrds, the three tech-titans and FIDO say:

Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS. 

The release says that’ll happen thanks to two new capabilities announced Thursday:

1. Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to reenroll every account.

2. Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

A brighter future awaits, huh? We’re not there yet though. On our way, The Checklist by SecureMac marked World Password Day talking about passwords. Scary stats plus a bunch of password dos and don’ts. That’s The Checklist by SecureMac - hosted by Mac OS Ken’s Ken Ray. You’re looking for Checklist No. 277 - World Password Day 2022. Find it wherever you find podcasts or on the show’s site: SecureMac.com/Checklist.