Apple, Google and Microsoft have announced that they are joining forces to support a common passwordless sign-in standard that will allow websites and apps to offer consistent, secure and accessible sign-ins across devices and platforms.
Relying on password-only authentication presents many risks and challenges. For example, managing multiple passwords is cumbersome for users, which leads to password-sharing, data breaches, and stolen identities. Despite the added measure of two-factor authentication, the goal of tech companies in recent years has been to create sign-in technology that is more convenient and more secure and moves towards a passwordless future.
The new common passwordless sign-in standard that Apple, Google and Microsoft are joining forces to promote and introduce is an expanded standard created by the FIDO Alliance and the World Wide Web Consortium.
Although Apple, Google, and Microsoft already support FIDO Alliance standards to enable passwordless sign-in on billions of devices, previous implementations have required users to sign in to each website or app before using the passwordless functionality. Therefore, this latest announcement is really about how the platform implementations have now been extended to give users two new capabilities for more seamless, secure passwordless sign-ins. These new capabilities are:
1. Users can now automatically access their FIDO sign-in credentials (also known as a “passkey”) on many of their devices, even new ones, without having to re-enrol every account.
2. Users can use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser.
This means that, as well as sign-in being easier and more convenient if the standard is widely supported, service providers could also offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.
Mark Risher, Senior Director of Product Management for Google, said, “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people worldwide can safely move away from the risk and hassle of passwords”.
Talking about the standard’s contribution to the vision of a passwordless future, Alex Simons, Corporate Vice President, Identity Program Management at Microsoft, said, “By working together as a community across platforms, we can, at last, achieve this vision and make significant progress toward eliminating passwords”.
Andrew Shikiar, executive director and CMO of the FIDO Alliance, highlighted how the standard could help service providers, saying, “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilisation of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication”.
Finding solutions to keep one significant step ahead of cybercriminals whilst maintaining or increasing convenience for users, and avoiding the damage caused by data breaches, is an ongoing challenge for the tech companies. The passwordless future is the vision that’s starting to see some progress. 2FA has provided just enough security for now, and biometrics were touted as the way ahead. Expanding the FIDO Alliance standards is the next “low-friction” step along the way. The weight of Apple, Google and Microsoft publicly getting behind it should mean that it is more widely adopted, thereby hastening the journey towards realising the ‘passwordless’ vision. Cybercriminals, however, are constantly pushing and finding new ways to beat security systems. Furthermore, with the threat of AI soon being used in the wrong way, it remains to be seen how successful the widespread use of the expanded FIDO Alliance standards will be in the near future.