Microsoft, Apple, Google to get rid of passwords

• 

Microsoft, Apple, and Google announced Thursday that they are seeking to eliminate passwords and replace them with a more secure way to reach devices or accounts.

They jointly supported a common standard that will let people access their accounts of devices by using face recognition or fingerprints.

"The complete shift to a passwordless world will begin with consumers making it a natural part of their lives," Alex Simons, Microsoft Vice President, said, adding, "By working together as a community across platforms, we can, at last, achieve this vision and make significant progress toward eliminating passwords."

Passwords alone cannot be relied on anymore as they are considered a major security flaw on the internet, especially when they are kept overly simple or the same one is used repeatedly to make it easier to remember several accounts.

The US tech titans said that adopting standards created by the FIDO Alliance and the World Wide Web Consortium will let device makers and websites build options that are secure and passwordless and would stymy phishing scams that mislead users into revealing log-in credentials and hackers that steal such data.

On the matter, US cybersecurity and infrastructure security agency director Jen Easterly said, "Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords."

In the same context, Google product manager and FIDO Alliance president Sampath Srinivas said that the support for password-free log-ins will be woven into Chrome software and Android over the course of the coming year.

Microsoft and Apple announced similar plans to be carried out with their software.

"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Srinivas said in a blog post, adding, "When you sign into a website or app on your phone, you will simply unlock your phone."

Mobile phones will store a "passkey", which is a FIDO credential, and will be used to unlock online accounts, as explained by Srinivas.

"To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access," she said.

Removing passwords was found as more secure than two-factor authentication which involves getting one-time passcodes emailed or texted as secondary confirmation when logging into websites or services.