Ashville NC IT Support Company | Blue Ridge Technology, Inc.

Microsoft, Apple, and Google Join Forces to Kill the Password

Is this the end of passwords… forever?
The move to simultaneously simplify and enhance security has been a long time coming. We’ve said it before: passwords are a terrible way to protect your business accounts. Microsoft, Apple, and Google all agree— and they’re finally going to work together to do something about it. This is going to be a pretty big shift once it arrives, and with the Big 3 involved, there’s every reason to believe this new system could become the new standard across most of your accounts and business services. And that’s very good news! If you use Microsoft tools every day and want to take care of your passwords from cyber criminals, Blue Ridge Technology offers Microsoft 365 Consulting Services and many other IT services that can keep your company secure. Here’s what you need to know about this coming change: what it is, when it will roll out, and how to prepare.

The Problem with Passwords

We won’t go too deep here because we’ve talked about it so often already, but the short version is this: passwords are awful. They’re hard to remember and easy to steal or crack. They lead to all sorts of security breaches, data theft, and more: as many as 81 percent of data breaches are due to weak or stolen passwords, and these may affect several apps like Facebook, Twitter, Microsoft 365, and even Microsoft Viva Goals. And people tend to reuse passwords across multiple sites — even if they know not to. So once a set of credentials is stolen, it could open up illegitimate access to dozens of sites. The old username + password system needs to go, and promises of something better and more secure have been around for a long time, too. The recent joint announcement from three of the biggest names in tech just may be the password’s death knell.

What It Is: A Unified Passkey

The three companies have agreed on a well-documented new standard for logging in, called a passkey. In addition to commitments from Apps in Microsoft 365, Apple, and Google, this cross-platform and cross-service passkey approach has the approval of the FIDO Alliance and the World Wide Web Consortium. Those organizations aren’t exactly household names, but they’re massively influential — so their support matters.

So what’s a passkey?

A passkey is a way of establishing a person’s identity or credentials using their smartphone. You already unlock your smartphone dozens of times per day, and most of us use face recognition or a fingerprint to do so. Both of those are way more secure and hard to hack than alphanumeric passwords. Through the use of Bluetooth and lots of behind-the-scenes tech, this new passkey standard will allow your phone to establish your identity and send that information to whatever platform or service you’re logging into. Crucially, this new passkey system will work across devices, platforms, operating systems, and services like Apps in Microsoft 365. Once your identity is established, it will stay that way for a period of time, even if you switch devices, browsers, and so on. It’s also phishing-proof: because users must have their phone near a device to authenticate with it, hackers can’t spoof logins like they can today.

Isn’t this just MFA or passwordless?

At first glance, this new system sounds like Microsoft Authenticator a Microsoft 365 App that helps with multifactor authentication (MFA). This technology is better than a password, but it still has issues. For one, some hackers can now intercept those one-time codes MFA keeps texting you. (It’s not common, but it does happen.) MFA systems can end up locking you out if you lose access to your phone or authenticator or fob. And attempts to resolve both of these issues get complicated (and expensive) — and ultimately still rely on an insecure password as a backup. Also, MFA doesn’t work across devices and platforms, so you keep getting punted back to login screens. Passkey manages to solve all of these issues, providing a safer, more secure login experience that’s truly, actually passwordless.

When Does This New System Arrive?

The Big 3 haven’t given a clear timetable, but it seems like late 2022 at this point, close to the Microsoft Ignite 2022.

How To Get Prepared for a True Passwordless Future

For now, it’s a waiting game. Just make sure you’re following good password (or multifactor or passwordless) practices until then. As the new protocol rolls out, there will be a learning curve and transition period — and we’re here to help you through that with whatever support you need.