Apple, Google, and Microsoft have announced a joint effort in which they will be expanding support for the passwordless sign-in standard created by the FIDO Alliance and World Wide Web Consortium. This new standard will allow users to easily sign in to websites and apps across different devices and platforms in a seamless and secure manner.
Currently, password-only authentication is the primary method by which users sign in to websites and apps, which has led to users managing different passwords. When it comes to data breaches, users find it difficult to change their passwords across services, even though it has been made easier by password management tools to notify users of such instances. The use of the same password across different services makes this increasingly insecure, due to which a new passwordless sign-in standard has been created. The aim of this standard is to make it secure and seamless to sign in to websites and apps.
Passwordless sign in coming soon to a platform near you
As per the new standard, websites and apps will be able to provide a passwordless option. Users will be able to sign in simply by unlocking their device to verify which could be in the form of Face ID, Touch ID, or a PIN. As users will not have to worry about password management, this will make such services secure against phishing attacks and also phase out older methods like using 2FA over SMS.
With the latest announcement on Apple’s website, users will be able to use passworldless sign-in through the following implementations:
- Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to reenroll every account.
- Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
The second point is important as it would require users to rely on their mobile device to authenticate themselves, even if they are using a PC or any other device.
Kurt Knight, Apple’s Senior Director of Platform Product Marketing, said in the announcement:
“Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
While Apple has not shared any roadmap regarding the implementation of this new standard on its platforms, Google has hinted that it will be available over the coming year. Google has also shared a concept screenshot of how the feature would work on Android and Chrome, which we have also used as this article’s image.