Tech giants Apple, Google, and Microsoft have announced extended support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. Expanded implementation will make faster, easier and more secure sign-ins available to consumers across leading devices and platforms, the firms stated. The move comes as password-only authentication continues to pose security risks for organizations and users.
It also follows the FIDO Alliance’s publication of a whitepaper in March 2022 describing how it will facilitate true passwordless support for consumer authentication. The organization’s focus had previously been on the enterprise.
Password-only authentication a significant security issue
Launched in 2013, the FIDO Alliance is an open industry association that aims to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. “Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services,” read a posting on the FIDO Alliance website. “This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.”
With the expanded standards-based capabilities, websites and apps will be able to offer an end-to-end passwordless option that allows users to sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint/face or a device PIN, the FIDO Alliance added. “This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.”
New capabilities for more seamless and secure passwordless sign-ins
Apple, Google and Microsoft already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality. “Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins,” the FIDO Alliance said. These are:
- Allowing users to automatically access their FIDO sign-in credentials on many of their devices (including new ones) without having to re-enroll every account.
- Enabling users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
Broad support of this standards-based approach will also enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method, the FIDO Alliance stated. The new capabilities are expected to become available across Apple, Google and Microsoft platforms over the course of the coming year.
“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online,” commented Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency. “I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers.”
The complete shift to a passwordless world will begin with consumers making it a natural part of their lives, added Alex Simons, Corporate VP, Identity Program Management, Microsoft. “Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today. By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords.”