Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Tech Giants Unite in Effort to Scrap Passwords

Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard

Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard

In celebration of 2022 Word Password Day, Apple, Google and Microsoft announced plans to expand support for a sign-in standard from the FIDO alliance and the World Wide Web Consortium (W3C) that aims to eliminate passwords altogether.

The passwordless sign-in involves the use of a FIDO credential called passkey, which is stored on a phone. When signing into a website, users would need to have their phone nearby, as they will have to unlock it for access.

“Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google explains.

As Microsoft points out, with more than 921 password attacks every second, the wide adoption of common passwordless standards would mean cutting off the supply of passwords for attackers.

“Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face, fingerprint or using a device PIN. Passkeys are fast, phish-resistant, and will be supported across leading devices and platforms,” the tech giant noted.

According to the FIDO alliance, the use of passwords for authentication is a big security issue across the web, mainly because many users often reuse the same password across services, which could lead to data breaches, account takeovers, and identity theft.

While password managers and the use of two-factor authentication improve the security of accounts, the new common standard is meant to ensure that users receive consistent, secure and passwordless sign-ins across websites and applications, regardless of the devices they use.

The FIDO Alliance and the W3C worked together with hundreds of tech companies globally to create the passwordless sign-in standards, which already enjoy support on billions of devices, as well as modern web browsers.

The Alliance also notes that Apple, Google, and Microsoft have led the development of the standards and are now in the process of expanding support for the passwordless sign-ins into their respective platforms.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” Kurt Knight, Apple senior director of platform product marketing, said.

Related: How Do We Get to a Passwordless World? One Step at a Time.

Related: Support for FIDO2 Passwordless Authentication Added to Android

Related: Microsoft Pushing for a Passwordless Windows 10

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...