Zurich, 20 June 2022 – At the Apple Developers Conference on 6 June 2022, the tech company announced that the days are numbered for the current method of authentication by password. Passwordless login using ‘passkeys’ will soon take over, initially in the Apple browser Safari. To achieve this, Apple is set to introduce a pioneering security update for which it joined forces in 2012 with other Internet giants like Meta (formerly Facebook), Google and hardware manufacturers from Intel to Qualcomm to create the FIDO Alliance. In May this year, Apple, Google and Microsoft announced they want to massively expand the option of logging in without a password. There’s no better time than the present for companies making their living online to reflect on how they want to ensure their business processes are fit for the future.
Apple is implementing the goals of the FIDO Alliance in the form of a solution called ‘Passkey’, which is based on a combination of strong encryption and biometric data gathered by sensors on laptops and mobile devices. To activate the function on a website or in an app, all users need to do is create a digital authorisation key once via Apple’s facial recognition Face ID or fingerprint scanner Touch ID. This key is only valid for the website/app for which it was created. One new feature of the passkey is that it’s passed on to other devices owned by the user via the iCloud keychain to enable authentication across all devices.
Apple’s passwordless login is thus a direct implementation of the FIDO Alliance’s goals. The underlying strategy is not limited to Apple’s product ecosystem but actually enables a new level of passwordless authentication which is independent of the end device operating system platform and browser. It also ensures that the digital keys are securely shared across gadgets and are therefore available on all devices without the user having to log in again. As other members of the FIDO Alliance such as Microsoft and Google also support the system, it can be expected to spread rapidly in the coming years.
What companies should do now
Whether you’re accessing a mailing service, cloud software or banking/e-commerce accounts: passwordless authentication makes the capture of login data impossible and reliably thwarts data theft. The fact that leading hardware and software providers are working together to implement this shows what’s on the cards: any online service providers/retailers which haven’t yet done so need to make their login processes future-proof and facilitate access without passwords. Companies like Apple, Google and Microsoft deliver the solution on the end user side as standard. Companies need to catch up and adjust their login systems to match. Appropriate authentication solutions can be easily integrated out-of-the-box into the existing software architecture. As cloud solutions, they offer companies the certainty of always being able to keep up with the ongoing development of the FIDO security standards – without having to worry about regularly updating the authentication components themselves.
The cyber security situation remains tense
The reason for the FIDO Alliance’s continued efforts to make logins more secure is that hackers repeatedly succeed in overriding this security mechanism – despite many people now using long, non-trivial passwords. Using social engineering attacks like phishing, they get users to disclose their password on a legitimate-looking company website or to somebody claiming to hold a position of authority. But cybercriminals are lurking at the other end of the communication chain who spy on company secrets or carry out illegal transactions with the stolen login data. Against this sort of sophisticated attack, even a long and complex password is no protection at all.
Nevis develops security solutions for the digital world of tomorrow. Its portfolio includes passwordless logins that are intuitive to use and optimally protect user data. Nevis is the market leader in Switzerland for identity and access management services and secures over 80 percent of all online banking transactions. Government agencies and leading service and industrial companies around the world rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany and Hungary.
LEWIS Communications GmbH
40476 Düsseldorf, Germany
+49 211 882 476 07