In a joint effort, tech giants Apple, Google, and Microsoft have announced plans to expand support for a common passwordless sign-in standard across devices and platforms.
The platforms will enable the passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium allowing websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
The announcement has been made in a bid to make the web more secure. Even as passwords are essential to online safety, users often face threats like phishing, scams, and poor password hygiene.
Microsoft, in a blog post, said that passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. It further added that there are 921 password attacks every second—nearly doubling in frequency over the past 12 months.
The new capability is meant to enable websites and apps to offer an end-to-end passwordless option. With this, users can sign in through actions such as verification of their fingerprint or face, or a device PIN.
As per an official release, Apple, Google, and Microsoft have led the development of this expanded set of capabilities and are now building support into their respective platforms.
“These companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality,” as per an official release.
The collaboration extends these platform implementations to give users two new capabilities for passwordless sign-ins. It will allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account as well as enable them to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
Additionally, the expanded support will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.
How it works
As Google explained in a blog post, users will not require a password while signing into a website or app on their phone.
They can sign in with the passkey based on public-key cryptography, and is only shown to a user’s online account when they unlock their phone.
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explained in the blog post.
These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s Senior Director of Platform Product Marketing.
“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” Knight said.
Mark Risher, Senior Director of Product Management, Google said, “This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication”
“For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords,” added Risher.
“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today. By working together as a community across platforms, we can, at last, achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services,” said Alex Simons, Corporate Vice President, Identity Program Management at Microsoft.