Apple, Google, and Microsoft announced that they will be integrating new features of the FIDO Alliance and the World Wide Web Consortium’s common passwordless sign-in standard on their devices and platforms.
The standard was established to make the Internet more secure by letting users access websites without entering a password. The FIDO Alliance (Fast Identity Online) was founded in July 2012 to solve the issue of people using hackable passwords to sign into numerous platforms.
Passwordless authentication will be available in the future on all major device platforms, including Android and iOS mobile operating systems, Chrome, Edge, Safari browsers, and Windows and macOS desktop environments. It should be noted that these companies’ platforms already support FIDO Alliance standards for passwordless device sign-in.
According to a blog post published Thursday by Google, a passwordless login process will allow users to use their phones as the primary authentication device for apps, websites, and other digital services.
Unlocking the phone with whatever action is set as the default — entering a PIN, drawing a pattern, or using fingerprint unlock — will then be sufficient to sign in to web services without the need ever to enter a password, made possible by the use of a unique cryptographic token called a passkey that is shared between the phone and the website.
Instead of relying on unreliable password logins, users can be identified using a fingerprint reader, face scanner, or even a phone, making it easier to sign in with more robust authentication. Previously, users had to sign in to each website or app on each device before using passwordless functionality. According to the announcement, the new features “are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.”
Though many popular applications already supported FIDO authentication, initial sign-on required a password before FIDO could be configured, leaving users vulnerable to phishing attacks in which passwords are intercepted or stolen along the way.
However, according to Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance, the new procedures will do away with the initial password requirement.