http://www.digitaljournal.com/tech-and-science/technology/apple-pledges-to-support-passwordless-authentication-movement/article/567047

Apple pledges to support passwordless authentication movement Special

Posted Feb 13, 2020 by Tim Sandle
Apple has recently joined the FIDO Alliance to support efforts to replace password-only logins with secure and fast login experiences across websites and apps using the emerging standard WebAuthn. Ben Goodman looks at the issue.
Untitled
JOHANNES EISELE, AFP/File
The FIDO Alliance is an open industry association with the aim of developing authentication standards to help reduce the world’s over-reliance on passwords. Rolf Lindemann, co-chair of FIDO's Security Requirements Working Group has told ZDNet that Apple will now be an influential player in the biometric passwords space.
Apple's decision to call time of the standard alphanumeric password signals that all has been done to protect users from hackers, and that something stronger is needed. By stronger, this means biometrics, as Ben Goodman, CISSP and SVP of global business and corporate development at ForgeRock tells Digital Journal.
According to Goodman, standard computer access models are vulnerable: “Username and password logins can be easily hacked, as consumers often reuse the same username and password across their personal and professional accounts. As a result, the user’s exposure from a security breach on one of those profiles increases the odds that their other accounts can be compromised as well, opening windows for attackers to access more sensitive information."
Goodman goes on to explain why the FIDO approach is the optimal one: "To eliminate this issue, passwordless authentication methods, such as using out-of-band steps on smartphones that leverage push notifications, need to become consumerized."
In terms of net generation protection, Goodman explains: "Apple joining the FIDO Alliance and the potential FIDO enablement of TouchID and FaceID represent a major inflection point in the move to a password-less world. In fact, Gartner estimates that 60 percent of large and global enterprises, as well as 90% of midsize organizations, will leverage passwordless methods in over 50 percent of use cases by 2022."
And this direction makes sense for businesses, as Goodman summarizes: "Companies that properly implement passwordless authentication will be more secure and will improve the user experience by reducing friction in the login process.”