The Apple Watch could completely replace passwords and one-time codes, thanks to a new form of authentication being touted as a way to “solve the world’s password problem.”
I’ve argued before that passwords are horrible…
They were fine way back in the days when we only needed a handful of them, but these days you need a password to do everything from transferring photos from a camera to an iPad through to ordering a pizza. We probably each have hundreds of the darned things.
And passwords are especially horrible on iOS devices — where we have to switch an on-screen keyboard between letters, numbers, and symbols multiple times to type a single password.
In theory, a combination of password managers and Face ID or Touch ID means we should never have to type them manually, but the reality is very different. We can all think of countless examples of occasions where an app, corporate system, or a website with many URL variations requires a manual login.
The problem with passwords
The FIDO Alliance, an organization founded to create a safer and simpler alternative to passwords, points to the numerous problems they create.
- Passwords are the root cause of 80% of data breaches
- The average person has more than 90 online accounts
- Up to 51% of passwords are reused
- A third of online purchases are abandoned due to a forgotten password
- The average help desk cost of a single password reset is $70
There are already hardware alternatives to passwords, like the YubiKey, but one of the companies behind the FIDO Alliance believes it makes more sense to use a device many of us already have on our wrists: a smartwatch.
How your Apple Watch could replace passwords
To get the ball rolling, Nok Nok Labs is offering a FIDO-based SDK for the Apple Watch.
We allow smart watch Apps to strongly and conveniently authenticate to backend services — no need for the user to enter passwords or one-time passcodes. This allows you to see your account balance, stock portfolio — and make sure others can’t.
With the Nok Nok App SDK for Smart Watch, our customers are able to standardize on next-generation authentication across all digital channels — including smart watches. Smart watch apps can have a strong, device-bound credential that doesn’t need frequent renewal and server-side infrastructure can be standardized to support industry standards, including FIDO next-generation authentication — across all digital channels.
Instead of being prompted for a password, your watch would simply ask you to tap a checkmark to authorize a login on your iPhone, iPad, Mac, or PC. Those without an Apple Watch can already do the same thing on a smartphone.
At the moment, it’s mostly being pushed for enterprise systems, but the longer-term aim is for FIDO to become a web standard so that passwordless authentication can be used for any website. That can’t happen a day too soon for me.
FTC: We use income earning auto affiliate links. More.