The tech giants, Apple, Google, and Microsoft, in a joint effort to make the web more secure and usable for all, have adopted the common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms. Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads to reuse the same ones across services.
This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.
“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective reality by committing to support this user-friendly innovation in their platforms and products. This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys, giving service providers a full range of options for deploying modern, phishing-resistant authentication.”
The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN.
This protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
In addition to facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method. These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.