Death to the Password

Passwords are one of the worst inventions in the modern computing age. They're impossible to remember, places make us change them on a constant basis, and the requirements get harder and harder. The idea of getting rid of the password has been tossed about for years, but there's a new effort from the major players to make it happen. Ron Amadeo at Ars Technica has more.

The standard is being called either a "multi-device FIDO credential" or just a "passkey." Instead of a long string of characters, this new scheme would have the app or website you're logging in to push a request to your phone for authentication. From there, you'd need to unlock the phone, authenticate with some kind of PIN or biometric, and then you're on your way. This sounds like a familiar system for anyone with phone-based two-factor authentication set up, but this is a replacement for the password rather than an additional factor.

Ars Technica

The concept is pretty simple. Put your ID into a website and you have to confirm on your device that you want to log in. Even better, this effort is spearheaded by Apple, Google, and Microsoft. Amadeo's comparison to 2-factor authentication makes sense because this would work in a similar way. Passwords are so complicated now that we have to pay for applications to generate and manage them for us. It's a complex solution to a terrible problem.

Security is important, but it needs to be balanced against sanity. The saying about building a better mousetrap holds true here. This is one reason I'm a fan of Apple's "Sign In With Apple" feature. With a single click I'm registered and/or signed in to a website and I didn't have to do anything. No password to remember, no ID to put in. The system handles the authentication itself. Google and Facebook figured out long ago how to do the same thing, though at the cost of collecting the data associated with logging in with their systems. Apple has come at it from the privacy stance, as usual. However, it depends on their systems and on you using their devices. A universal system is a more sustainable, long-term solution.

Passkey, which is a great name and I hope it sticks, can't come fast enough. Die, password. Die.