The security that relies on passwords is absurd. Passwords are ineffective in thwarting malicious attackers, with over 15 billion exposed credentials released on the dark web and 54% of security problems brought on by credential theft.
As part of the FIDO alliance, a number of businesses, including Google, Microsoft, Okta, and LastPass, are moving toward passwordless authentication methods due to the widespread exploitability of passwords.
In accordance with this strategy, Google announced yesterday that passkeys are coming to Chrome and Android, allowing users to create and use passkeys to log into Android devices. Users can save passkeys on their computers and smartphones and use them to log in without a password.
The adoption of passkeys by the Chrome and Android ecosystems will make it considerably more challenging for attackers to hack business systems.
Passkeys to prevent credential theft
The news follows the pledge made in March of this year by Apple, Google, and Microsoft to increase support for the passwordless sign-in standard developed by the FIDO Alliance and the World Wide Web Consortium.
This shift away from password-based authentication is evidence of the underlying weakness of password-based security. Credential reuse is unavoidable since users must manage passwords for several online accounts.
After reviewing 1.7 billion login and password combinations, SpyCloud found that 64% of consumers used the same password disclosed in one breach for other accounts.
Passwords must be completely removed in order to lessen credential theft risk and the efficacy of social engineering attacks.
Ali Naddaf, a software engineer at Identity Ecosystems, Ken Buchanan, a software engineer at Chrome, and Christian Brand, a product manager at Google, all stated in the announcement blog post that “passkeys are a significantly safer replacement for passwords and other phishable authentication factors.”
A user must first register with a website or application in order to create a passkey for it. They can perform the following actions when they come back to this website or application to sign in:
- Open the app.
- Tap Sign in.
- Choose a passkey.
- To finish the login, use the device screen unlock.
Based on the passkey, the user’s device creates a signature. The origin and the passkey’s login credentials are verified using this signature.
A passkey can be used to sign into services on any device, regardless of where the passkey is kept. A passkey generated on a mobile device, for instance, can be used to log in to a website on a different laptop.
It’s important to note that users can sync and back up their passkeys to the cloud so they won’t lose access if their device is lost. Google also said that it will make passkey support available to developers through Chrome and the WebAuthn API so they can add it to the web.
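The signature step described above, as an added example (not code from Google or the original article): the checks a website makes on a WebAuthn sign-in response, run in Node.js with the browser and device simulated. The domains, key pair and function names are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed relying party for this example.
const RP_ID = "example.com";
const EXPECTED_ORIGIN = "https://example.com";
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Simulated browser + device: the browser records the page origin in
// clientDataJSON; the device signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // authenticatorData = SHA-256(rpId) | flags (UP 0x01 + UV 0x04) | 4-byte counter
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// Website-side checks; returns "ok" or the name of the first failed check.
function verifyAssertion(publicKey, expectedChallenge, { clientDataJSON, authData, signature }) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (client.origin !== EXPECTED_ORIGIN) return "origin mismatch";
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  if ((authData[32] & 0x04) === 0) return "user not verified";
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, signature) ? "ok" : "bad signature";
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = signAssertion(privateKey, EXPECTED_ORIGIN, challenge);
  const lookalike = signAssertion(privateKey, "https://examp1e.com", challenge);
  // Changing the recorded origin after signing no longer matches the signature.
  const rewritten = { ...lookalike, clientDataJSON: Buffer.from(
    lookalike.clientDataJSON.toString().replace("examp1e.com", "example.com")) };
  return {
    genuine: verifyAssertion(publicKey, challenge, genuine),
    lookalike: verifyAssertion(publicKey, challenge, lookalike),
    rewritten: verifyAssertion(publicKey, challenge, rewritten),
    replayed: verifyAssertion(publicKey, nodeCrypto.randomBytes(32), genuine),
  };
}

console.log(demo());
```

Because the signature covers the origin the browser recorded and a fresh server challenge, a response produced on a lookalike site or captured from an earlier login is rejected, which is what makes the credential non-phishable in the sense the quote above uses.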
Passwordless authentication market
The need for passwordless authentication solutions is increasing as social engineering and phishing attacks dominate the threat landscape.
According to research, the market for passwordless authentication will grow from $12.79 billion in 2021 to $53.64 billion in 2030.
Many providers are experimenting with using fewer passwords as the demand for passwordless authentication soars. For instance, on iOS 16 and macOS Ventura devices, Apple now provides customers with Passkeys to log in to applications and websites using Face ID or Touch ID without a password.
Microsoft is also exploring passwordless authentication tools of its own. These include Microsoft Authenticator and Windows Hello For Business (biometric and PIN) (biometric touch, face, or PIN). Both provide businesses with passwordless user authentication options that interface with well-known programs like Azure Active Directory.
As use rises, providers will face increasing pressure to offer more readily available passwordless authentication options or risk falling behind.