In recent months, FIDO has taken a series of important steps to bring the demise of the password closer to reality. In March, FIDO announced it had found a way to store the cryptographic keys that sync between people’s devices, calling them “multi-device FIDO credentials” or “passkeys.”
This was followed in May by Apple, Microsoft and Google explaining their support for the FIDO standards. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said the adoption of the standards would keep more people safe online. At the time, the three tech giants said they would roll out the technology “over the next year.” Microsoft account owners have been able to delete their passwords since last September, and Google has been working on its passwordless technology since 2008.
When all tech companies have rolled out their version of passkeys, the system should be able to work across devices. In theory, you could use your iPhone to log into a Windows laptop, or an Android tablet to log into a website in Microsoft’s Edge browser. “All of FIDO’s specifications have been co-developed with input from hundreds of companies,” said Andrew Shikiar, the executive director of the FIDO Alliance. Shikiar confirms that Apple is the first company to roll out passkey-based technology, saying it shows “how tangible this approach will soon be for consumers around the world.”
Any success for a passwordless future depends on how it works in practice. At the moment there are unanswered questions about what happens to your passkeys if you want to ditch Apple’s ecosystem for Android or any other platform. (Apple has not yet responded to our request for comment.) And developers still need to make changes to their apps and websites in order to work with passkeys. In addition, in order to gain confidence in the system, people need to be educated about how it works. “Any viable solution should be more secure, easier and faster than the passwords and legacy multi-factor authentication methods used today,” said Alex Simons, Microsoft’s head of identity management efforts, in May. In short, if systems for different devices are clunky or cumbersome to use, people may shun them in favor of weak but convenient passwords.
While Apple’s passkeys and Google and Microsoft’s equivalents are still several months away (at the very least), that doesn’t mean you should keep using weak or reused passwords in the meantime. Every password you use, whether it’s for a one-time account to buy DIY items or your Facebook account, must be strong and unique. Do not use generic phrases, names of friends or pets, or personal information associated with you in your passwords.
Instead, your passwords should be long and strong. The best way to achieve this is to use a password manager, which can help you create and store better passwords. You can find our selection of the best password managers here. And while you think about your security, enable multi-factor authentication for as many accounts as possible.