Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Tech Giants Unite in Effort to Scrap Passwords

Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard

Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard

In celebration of 2022 Word Password Day, Apple, Google and Microsoft announced plans to expand support for a sign-in standard from the FIDO alliance and the World Wide Web Consortium (W3C) that aims to eliminate passwords altogether.

The passwordless sign-in involves the use of a FIDO credential called passkey, which is stored on a phone. When signing into a website, users would need to have their phone nearby, as they will have to unlock it for access.

“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explains.

As Microsoft points out, with more than 921 password attacks every second, the wide adoption of common passwordless standards would mean cutting off the supply of passwords for attackers.

“Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face, fingerprint or using a device PIN. Passkeys are fast, phish-resistant, and will be supported across leading devices and platforms,” the tech giant noted.

According to the FIDO alliance, the use of passwords for authentication is a big security issue across the web, mainly because many users often reuse the same password across services, which could lead to data breaches, account takeovers, and identity theft.

While password managers and the use of two-factor authentication improve the security of accounts, the new common standard is meant to ensure that users receive consistent, secure and passwordless sign-ins across websites and applications, regardless of the devices they use.

Advertisement. Scroll to continue reading.

The FIDO Alliance and the W3C worked together with hundreds of tech companies globally to create the passwordless sign-in standards, which already enjoy support on billions of devices, as well as modern web browsers.

The Alliance also notes that Apple, Google, and Microsoft have led the development of the standards and are now in the process of expanding support for the passwordless sign-ins into their respective platforms.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” Kurt Knight, Apple senior director of platform product marketing, said.

Related: How Do We Get to a Passwordless World? One Step at a Time.

Related: Support for FIDO2 Passwordless Authentication Added to Android

Related: Microsoft Pushing for a Passwordless Windows 10

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Register

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

Orchid Security has appointed a new Chief Product Officer and three advisors.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.