December 5, 2022

TheCyberThrone

Thinking Security ! Always

Passwordless Login – On an Agenda for Apple, Google & Microsoft

Apple, Google, and Microsoft announced plans to roll out new passwordless login features across their respective platforms that are expected to become generally available over the next year.

Managing passwords is hectic work. To overcome this issue Apple, Google, and Microsoft have been helping to lead an industry-wide effort to move away from using passwords as the primary means of logging into applications. The initiative that the companies announced today is a continuation of that effort.

Advertisements

The new login features will enable users of the above tech companies to sign into a website or an application without entering a password. Instead, they will sign into service simply by unlocking their smartphones.

The new passwordless login features will also include a built-in backup mechanism. Even if a user loses his/her phone, passkeys will securely sync to the new phone from cloud backup, allowing it to pick up right where the old device left off.

The upcoming capabilities are based on technical standards developed by two industry groups, the FIDO Alliance, and World Wide Web Consortium. Apple, Google, and Microsoft played a key role in developing the standards.

In parallel to this announcement, Microsoft also added passwordless login support to two of its offerings. The first is its Windows 365 Cloud PC tool, which enables users to sync their computer’s applications and settings across multiple devices. Microsoft has also added a password login capability to its Azure Virtual Desktop service, which enables companies to provide cloud-based desktop computers for their workers.

Apple, Google, and Microsoft are also working to make their platforms more secure in other ways.

Advertisements

The chips in Apple’s mobile devices and recent Macs feature a so-called secure enclave designed to store the encryption keys that applications use to protect data. Google’s latest Pixel 6 device line features a specialized chip called the Titan M2 that is specifically optimized for cybersecurity tasks.

Microsoft also has a coprocessor called Pluton that can be attached to a Windows machine’s central processing unit to protect sensitive data such as encryption keys. Microsoft says that not even the firmware installed on a Pluton coprocessor can access the encryption keys stored onboard.

%d bloggers like this: