 Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.
Ask just about any IT security professional and they will tell you that weak user passwords are one of the biggest problems and most persistent threats to corporate networks.
Despite years of training, re-training, and near-constant reminders to strengthen passwords, users keep making the same mistakes.
They'll re-use the same password across multiple properties. They may use an incredibly weak and easy to guess password that makes it easy for hackers to break in using simple brute force attacks against their accounts.
If passwords were to simply go away and be replaced by something better, legions of IT security folks would breathe a tremendous sigh of relief.
If Apple, Google, and Microsoft have anything to say about the matter, that is soon to be a reality. All three companies are hard at work on a variety of passwordless schemes. If their plans remain on track, we'll get to see the fruits of their labor sometime next year.
The three companies are currently working to implement passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, Safari, Windows, and Edge. Taken together, those systems and software packages account for some 90 percent of network traffic today. It won't be long now before the devices users employ will store a FIDO credential, dubbed a passkey, which is used to unlock your device and access all of your online accounts.
The passkey scheme is substantially more secure than a simple password because it's protected with powerful cryptography and only shown to your online account when you unlock your device. Contrast that with passwords, which leave users vulnerable to all manner of phishing schemes and are subject to being weakened by bad habits developed by the users themselves.
All of that is good news but it should be noted that we haven't seen it in action yet. Even after the Big Three finish their work, there's still the considerable task of implementing the use of the new passkeys into websites and other applications. It will be a while yet, but the good news is change is coming.


