Security Experts:

Tech Giants Unite in Effort to Scrap Passwords

Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard

In celebration of 2022 Word Password Day, Apple, Google and Microsoft announced plans to expand support for a sign-in standard from the FIDO alliance and the World Wide Web Consortium (W3C) that aims to eliminate passwords altogether.

The passwordless sign-in involves the use of a FIDO credential called passkey, which is stored on a phone. When signing into a website, users would need to have their phone nearby, as they will have to unlock it for access.

“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explains.

As Microsoft points out, with more than 921 password attacks every second, the wide adoption of common passwordless standards would mean cutting off the supply of passwords for attackers.

“Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face, fingerprint or using a device PIN. Passkeys are fast, phish-resistant, and will be supported across leading devices and platforms,” the tech giant noted.

According to the FIDO alliance, the use of passwords for authentication is a big security issue across the web, mainly because many users often reuse the same password across services, which could lead to data breaches, account takeovers, and identity theft.

While password managers and the use of two-factor authentication improve the security of accounts, the new common standard is meant to ensure that users receive consistent, secure and passwordless sign-ins across websites and applications, regardless of the devices they use.

The FIDO Alliance and the W3C worked together with hundreds of tech companies globally to create the passwordless sign-in standards, which already enjoy support on billions of devices, as well as modern web browsers.

The Alliance also notes that Apple, Google, and Microsoft have led the development of the standards and are now in the process of expanding support for the passwordless sign-ins into their respective platforms.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” Kurt Knight, Apple senior director of platform product marketing, said.

Related: How Do We Get to a Passwordless World? One Step at a Time.

Related: Support for FIDO2 Passwordless Authentication Added to Android

Related: Microsoft Pushing for a Passwordless Windows 10

view counter