Today on World Password Day, Google unveiled its vision for a passwordless future and announced that it was going to be offering users passwordless authentication options on Chrome and Android.
This announcement comes just as Apple, Google and Microsoft have publicized their commitments to support the common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, which aims to encourage technology vendors to offer consumers passwordless sign-in opportunities.
According to Sam Srinivas, the project management director of authentication security at Google and president of the FIDO Alliance, by 2023 Google plans to enable users to sign into apps or websites on their phone simply by unlocking their device (and those on a computer will be able to approve sign-ins via a pop-up on their phones).
For enterprises, Google’s move away from passwords not only reduces the chance of credential theft on Chrome and Android, but also highlights that the era of using passwords to control access to resources is coming to an end.
The next generation of authentication
Password-based security measures have long failed to control user access to resources. Last year, an audit of the dark web found that there were 15 billion stolen passwords online.
The reality is that hackers find it easy to steal passwords and can routinely harvest login credentials with phishing scams and brute force hacks because password-driven security relies on gating access to services around a piece of information the user knows.
Unfortunately, modern cyber criminals are simply too good at finding out what piece of information a user knows.
We want all of our users to have the best security protections in place by default across their devices and accounts. We know that passwords are no longer a sufficient form of authentication they are painful and easy for bad actors to access which is why we are doing everything we can to move users away from needing them. Today’s news lays the ground for this password free future,”
This will require people to use a physical device to authenticate, rather than something they know. Bad actors will always find a way to uncover what a person knows (i.e, phishing), but they can’t take away a physical object over the internet.” Sam Srinivas, the project management director of authentication security at Google
Moving to passwordless authentication will helps ensure that users can’t be tricked into giving away their credentials to scammers or having them stolen through brute force, while making it more convenient for users to login.
The fast-growing passwordless movement
Google isn’t the only provider to recognize the advantages of a passwordless approach not just for mitigating security concerns but for improving the user-experience with a seamless sign-in option, with researchers anticipating that the global passwordless authentication market will grow from a value of $12.79 billion in 2021 to a value of $53.64 billion by 2030.
A number of other prominent providers are also experimenting with phasing out passwords alongside the FIDO alliance.
For example, Apple recently released a solution called Passkeys that eliminates the need for passwords and allows users to use biometric identification measures like Touch ID and Face ID to log into online accounts.
At the start of this year Apple also announced that it had reached an all-time revenue record of $123.9 billion.
Microsoft, who recently announced $49.36 billion in revenue, is also starting to test the boundaries of its own passwordless approach, with Microsoft Authenticator. Users can install the Microsoft Authenticator app and link it to their Microsoft account and opt to turn passwordless authentication on so they can log into their Microsoft account without a password.
Google’s passwordless solution may have been later than other offerings, but Srinivas argues that the organization has played a critical role in accelerating the passwordless movement so far.
“We were the first platform company (i.e., owner of a major OS or browser) to join the FIDO Alliance back in 2013. Since then, we have been encouraging our colleagues across the industry, especially other major platform companies, to join us. We’re thrilled that 300 companies have joined FIDO including Microsoft and Apple, allowing us to now solve an internet wide problem the right way together, with open standards.”