So long, passwords? Portable digital identities may replace them
Ask most people what the least favorite part of using their devices is and you’re bound to get a similar answer: passwords.
Unfortunately, the critical role passwords currently play makes them a tediously repetitive necessary evil of living in our digitally-powered world. However, imagine a time when they won’t be necessary, yet you can still log into your devices, conduct safe transactions, and access your accounts with the kind of security and privacy that the concept of a password is supposed to provide.
In fact, imagine doing all those things in an even safer, faster, and more convenient way than you currently do (and without the potential for hacks, break-ins, and other security breaches that, in 80% of cases, are caused by stolen passwords).
Avoiding inflation:These high-tech must-have products have actually gotten cheaper
Thankfully, as the result of a major new agreement between Apple, Google, and Microsoft that, ironically, was announced last week on World Password Day, we’re much closer to that new vision than you probably realize. Together, these three major device platform vendors agreed to extend the cross-collaboration and use of a technology standard created by an industry organization called the FIDO Alliance that, eventually, will rid us of the need for passwords.
The idea behind the concept is simple. You essentially need to provide a way to prove to your device that you are who you claim to be (that is, you authenticate yourself) and create what I call a portable digital identity. Today, most of our devices are able to do that with technologies like face scans, fingerprint readers, and other mechanisms that don’t involve passwords (though some still use PINs). That portable digital identity, in turn, is converted into a digital key that can be used to open access to your devices, accounts, payment methods, etc.
Up until this new agreement, biometric authentication, dual-factor authentication (for which you receive a text code to enter), and other types of password-less (or password-limited) forms of identification and verification have been available on individual devices. What’s been missing, however, is a way to share this portable digital identity across devices, across web sites, and across accounts.
The news announced last week is that the big three tech leaders are working to integrate that consistent approach into their respective devices and platforms. In other words, by the end of this year, iOS, Android, Windows, MacOS, and Chrome devices, along with the major browsers on these platforms, will allow you to “share” this digital identity across them. Practically speaking, that means, for example, that you could do things like log into a website on your Windows PC via your iPhone’s face scan or your Android phone’s fingerprint reader.
Now, in order for this to work as seamlessly as we would all like, websites and other platforms that require log-ins will need to add support for this FIDO Alliance authentication standard. If they don’t, then you’ll still have to do things the old-fashioned way with traditional log-ins or whatever methods they currently use. Thankfully, however, the W3C (World Wide Web Consortium) has been talking about FIDO support for many years now so that a number of sites already support these digital keys, and with this announcement in particular, many more are expected to do so in the near-term future.
Even with the evolution of automatic complex password generators, more sophisticated password managers, the growth of multi-factor authentication, and other security-oriented mechanisms, password-related issues are still a huge problem. The simple truth is, it’s virtually impossible for even the most diligent of people to follow all the best practices for password usage. For the rest of us, well, let’s just say that we’re all digital accidents and security breaches waiting to happen. Given the increasing sophistication of hackers and other digital ne’er-do-wells, the concept of even complex passwords is simply broken. That’s why this move toward a FIDO Authentication, passwordless, portable digital identity world is so important.
As with many big tech industry announcements and developments, things won’t happen overnight, but the possibility of a truly passwordless digital world looks to finally be headed towards reality. I, for one, can’t wait.
USA TODAY columnist Bob O'Donnell is the president and chief analyst of TECHnalysis Research, a market research and consulting firm that provides strategic consulting and market research services to the technology industry and professional financial community. His clients are major technology firms including Amazon, Microsoft, HP, Dell, Samsung and Intel. You can follow him on Twitter @bobodtech.