By introducing simple verification of the user’s face or fingerprint, or a device PIN, for accessing websites and apps, the three firms expect to protect users against phishing across devices and platforms. The new approach will make sign-in more secure than passwords and legacy multi-factor technologies.


Apple, Google, and Microsoft commit to expedite availability of passwordless sign‑ins. (Credit: Gerd Altmann from Pixabay)

Tech majors Apple, Google, and Microsoft are joining forces to extend support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.

With the new capability, websites and apps will be able to offer passwordless sign-ins that are consistent, secure, and easy for consumers across platforms and devices.

Under the expanded standards-based capabilities, apps and websites will be able to offer their users an end-to-end passwordless option.

Users will sign in with the same action they take several times a day to unlock their devices: simple verification of their face or fingerprint, or a device PIN.

According to the three tech majors, the new approach safeguards users against phishing. It will also make sign-in drastically more secure than passwords and legacy multi-factor technologies such as one-time passcodes delivered through SMS.

The platforms of Apple, Google, and Microsoft already support FIDO Alliance standards to allow passwordless sign-in on billions of devices. However, previous implementations required users to sign in to each app or website with each device before they could use passwordless functionality.

The tech majors’ latest announcement extends the platform implementations to offer two new capabilities to users for making passwordless sign-ins more seamless and secure.

One capability lets users automatically access their FIDO sign-in credentials on many of their devices, including new ones, without having to re-enroll every account.

The other capability lets users use FIDO authentication on their mobile device to sign in to a website or app on a nearby device, irrespective of the OS platform or browser they are using.

FIDO Alliance executive director and CMO Andrew Shikiar said: “Simpler, stronger authentication is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines.

“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products.

“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”

The two new capabilities are likely to become available across Google, Apple, and Microsoft platforms over the course of 2023.

Apart from enabling a better user experience, support for the standards-based approach will let service providers offer FIDO credentials to users without requiring passwords as an account recovery method or alternative sign-in.

Google product management senior director Mark Risher said: “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future.

“We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”