It has been reported that Apple has announced plans to move towards a passwordless future.
At Apple’s Worldwide Developer Conference, the company announced it will launch passwordless logins across Macs, iPhones, iPads, and Apple TVs in its first major real-world shift to password elimination.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
With major players like Apple deciding to eliminate the password rather than just hiding it from users for convenience, we are finally turning the corner on security and privacy.
People hate passwords and there is simply no way to make them ‘safer’. Exploiting passwords remains the single largest way adversaries gain access to accounts and data, and are the main vulnerability attackers use to access systems and deploy ransomware.
We applaud all efforts to eliminate passwords, especially approaches that use FIDO and other public-private key approaches like Passkey.
This will improve security immensely. We also sound a cautionary note when it comes to moving keys around – like from device to device in the Apple ecosystem. This can be convenient for consumers, but will also likely be where attackers focus their energy in the future.
Passwords are the oldest form of authentication, and their effectiveness decreases as our reliance on the digital world grows.
People simply have too many online accounts today to employ strong and secure passwords. Instead, they resort to weak passwords, deployed across multiple online accounts which are easy for hackers to guess and breach.
Moving to a passwordless future is the best way to overcome this challenge as it removes the need for passwords, meaning they can’t be guessed, stolen or breached.
It’s great to see that Apple is recognising the security benefits of passwordless. But the reality for most enterprises is that a solution is needed to bridge the gap between logging onto an Apple or Microsoft device and the vast majority of apps that enterprise users still need to use passwords for, as that’s where the real risk resides.