Clicky

Apple, Google, and Microsoft Join Forces for New Password Security Advances Which Could Leave Passwords in the Past
by Shelly Kramer | May 9, 2022

The News: Apple, Google, and Microsoft are joining forces to solve an enduring problem of the internet age – password security. The tech giants have agreed to work together on a common sign-in standard developed by the FIDO Alliance and World Wide Web Consortium. Read reporting from Digital Trends here.

Apple, Google, and Microsoft Join Forces for New Password Security Advances Which Could Leave Passwords in the Past

Analyst Take: The news of Apple, Google, and Microsoft joining forces to work on a common sign-in standard developed by the FIDO Alliance and World Wide Web Consortium is very, very good news.

Password security is an enduring problem of the internet age. I’m reasonably confident that remembering and/or storing increasingly complex login credentials for every service, app, and website you use is a challenge, as is helping your aging parents navigate that process, which is a reality in my world.

Password managers are great and can go a long way toward making the whole process easier and password management safer, but the downside is that a password manager keeps all your sensitive login info in one place, so a breach, which is rare but can happen, could be a very big deal. The downside of password managers is that they cost money. Pricing ranges between $10 and $60 per year for one person and are generally billed on an annual basis. Many password managers offer family plans that provide additional coverage for a slight additional monthly fee. That might not sound like much, but the reality is that not every individual, or family, has the ability to afford a password management service.

Weak and reused passwords offer an attractive vulnerability to bad actors looking to harvest personal data and other sensitive information from the apps and websites we depend on daily in our lives and work. While advancements in password security have made it easier to store and access the growing number of complex credentials we use to keep our information safe, the potential for breaches and identity theft will persist as long as there are exploitable cracks in these systems. So, why not do away with passwords entirely? That’s the problem that Apple, Google, and Microsoft are working to solve.

Is a Common Sign-In Standard the Future of Password Security?

The recently announced alliance of Apple, Google, and Microsoft to address password security indicates a paradigm shift in the way we establish and protect our digital identities and personal information. By embracing a common sign-in standard developed by the FIDO Alliance and World Wide Web Consortium, these Big Tech giants are throwing their combined weight behind advances in password security that may leave passwords as we know them in the past. While a password-free future may seem far-fetched, the answer has been right under our faces for years now.

The FIDO standard offers a more convenient alternative to traditional password security measures that is less prone to user error. In fact, it does away with passwords entirely, replacing them with biometric options like fingerprint or voice recognition, facial recognition through tools like Apple’s Face ID, or simply using our device PINs. By tying all our login information to our devices (phones, watches, computers), the FIDO standard secures the process of storing login information in a convenient yet harder-to-crack common sign-in system.

Password Security Threats are More Common than We Think

In a statement addressing the move to increase password security, Microsoft noted that attacks per second on passwords have nearly doubled since this time last year. This means that every second there are 921 attacks on passwords for a total of 79.5 million attempts each day. If that’s a shocking figure, consider the increasing sophistication of automated hacking tools capable of targeting massive amounts of data at incredible speeds. Combined with advanced phishing techniques, insecure and unencrypted public wi-fi portals, and misuse of password recovery systems (among others), the threats to password security are truly staggering to consider.

Even updated password security measures designed with these threats in mind can be compromised. Password management programs, which I mentioned earlier, can be vulnerable to poorly chosen master passwords or the reuse of login information across multiple platforms or devices. Two-factor authentication, once considered the answer to password security vulnerabilities, can now be hacked using ‘SIM swap’ attacks that give bad actors access to recovery passwords sent to users.

Password security isn’t just a problem for individuals, either. Institutions from government to finance, healthcare, and beyond depend on data security to operate effectively, but their cybersecurity is left in the hands of sometimes lazy, sometimes error-prone users (sorry, it’s true) who can unintentionally create exploitable weaknesses with disastrous consequences. There’s even a retail case for increased password security protections — it’s estimated that as many as one third of online purchases are abandoned due to forgotten passwords. It’s clear that we need a better solution. In an episode of our Cybersecurity Shorts webcast published just a year ago, I covered the news of some 3.2 billion leaked passwords which contained some 1.5 million world government emails and 625,000+ U.S. government passwords. Humans have pretty predictable behavior, and hackers are very, very good at identifying that behavior, sussing out passwords and understanding exactly how people both manage and update their passwords. And unfortunately, it’s mostly not in any way stealthy or secure.

Password Security is a Problem in Need of a Solution

The proliferation of online platforms that require passwords has led to increased vulnerability to data breaches and identity theft. Passwords have been found to be the root cause of over 80% of data breaches, and because the average internet-connected human now has over 90 online accounts, an estimated 51% of passwords are reused across multiple apps or websites. The FIDO standard looks to solve our password security problems using biometric technologies that are several orders of magnitude more secure than traditional passwords.

That Apple, Google, and Microsoft are joining forces to work on the FIDO standard solution to password protection is a major development that adds momentum in a necessary direction. The three tech giants are joining the ranks of hundreds of technology companies and service providers from around the world who have collaborated on the FIDO common sign-in standard. While no release date has yet been announced, it is expected that FIDO standard login capabilities will be available for Apple, Google, and Microsoft devices and services within the year.

I’m excited to learn of this impactful partnership in password protection, both as a tech analyst immersed in the cybersecurity space, the resident “IT expert” for family and friends, and as a human who tries valiantly to adhere to best practices as it relates to personal password management. The FIDO standard solution is poised to create a paradigm shift in how we ensure the security of our devices and personal information. If that means passwords become a relic of the past, I’m all for it.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.

In Hacking News:

3.2 Billion Leaked Passwords Contain 1.5 Million Ties to Government Emails

Cybersecurity Shorts: Cybersecurity Response and Trends, Supply Chain Attacks, Updates on Fed Policy, Zero Trust and More

New Bipartisan Healthcare Cybersecurity Act Aims to Improve Protection Efforts

Image Credit: DNA India

About the Author

Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”