Google, Apple, and Microsoft are teaming up to make the web more secure and usable for all. The three tech giants announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.
The move toward password-less sign-in is sponsored by the FIDO Alliance, the organization that helped develop the standard for the technology, which is being adopted by the World Wide Web Consortium (W3C).
While passwords have been the default security method since the early days of computing, FIDO argues that passwords are vulnerable to theft and compromise. In many cases, all a hacker has to do is compromise a user’s password to gain access to the corresponding service. A case in point is password reuse: the multiple passwords we reuse across apps and programmes make us more vulnerable to hacking.
The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing, and sign-in will be radically more secure than with passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.
“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline, it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys, giving service providers a full range of options for deploying modern, phishing-resistant authentication.”
A single compromised password can open the door to multiple attacks. If a hacker gains access to the password a user employs for a password management app or service, the results can be disastrous.
In contrast, password-less sign-in essentially uses a person’s phone as a hardware key. The phone will store a FIDO passkey, which is also backed up online. To sign in to a computer or website, the user will be prompted to unlock their phone. The process of unlocking the phone authorizes them to use the computer or website in question.
Password-less sign-in has been in the works for some time, promising improved security and convenience. While there have been efforts to speed up the technology’s use, joint adoption by Google, Apple, and Microsoft represents the single biggest step forward. What’s more, all three companies have committed to making sure their implementations are compatible with one another.
If a person loses their phone, they can easily pick up where they left off with a new one, thanks to their passkey being backed up online. At the same time, because the passkey uses modern cryptographic standards, the security of the transactions is maintained throughout the process.
“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, Senior Director of Product Management, Google. “For Google, it represents nearly a decade of work we’ve done alongside FIDO as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, Chrome OS, Android, and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”