Apple, Google and Microsoft have announced that they are joining forces to support a common passwordless sign-in standard that will allow websites and apps to offer consistent, secure and easy sign-ins across devices and platforms.
The Problem With Password-Only
Relying on password-only authentication is known to present many risks and challenges such as managing multiple passwords being cumbersome for users leading to password-sharing, data breaches, and stolen identities. Despite the added measure of two-factor authentication, the goal of tech companies in recent years has been to create sign-in technology that is more convenient and more secure and move towards a passwordless future.
FIDO Alliance & W3C Standard
The new common passwordless sign-in standard that Apple, Google and Microsoft are joining forces to promote and introduce is an expanded standard created by the FIDO Alliance and the World Wide Web Consortium.
Two New Capabilities For Users
Although Apple, Google and Microsoft already support FIDO Alliance standards to enable passwordless sign-in on billions of devices, previous implementations have required users to sign-in to each website or app with each device before they can use the passwordless functionality. This latest announcement, therefore, is really about how the platform implementations have now been extended to give users two new capabilities for more seamless, secure passwordless sign-ins. These new capabilities are:
1. Users can now automatically access their FIDO sign-in credentials (also known as a “passkey”) on many of their devices, even new ones, without having to re-enrol every account.
2. Users can employ the FIDO authentication on their mobile device to sign-in to an app or website on a nearby device, regardless of the OS platform or browser.
This means that, as well as being easier and more convenient, if widely supported, service providers could also offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.
Follows A Decade Of Work
Mark Risher, Senior Director of Product Management for Google said, “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords”.
Talking about the standard’s contribution to the vision of a passwordless future, Alex Simons, Corporate Vice President, Identity Program Management at Microsoft said, “By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords”.
Andrew Shikiar, executive director and CMO of the FIDO Alliance highlighted how the standard could help service providers, saying “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilisation of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication”.
What Does This Mean For Your Business?
Finding solutions to keep one significant step ahead of cybercriminals whilst maintaining or increasing convenience for users, and avoiding the damage caused by data breaches, is an ongoing challenge for the tech companies. The passwordless future is the vision that’s starting to see some progress. 2FA has provided just enough security for now and biometrics were touted as the way ahead. Expanding the FIDO Alliance standards is the next “low-friction” step along the way and the weight of Apple, Google and Microsoft publicly getting behind it should mean that it is more widely adopted, thereby hastening the journey towards the realisation of the ‘passwordless’ vision. Cybercriminals, however, are always pushing and finding new ways to beat security systems, and with the threat of AI being used in the wrong way soon, it remains to be seen how successful the widespread use of the expanded FIDO Alliance standards will be in the near future.