Apple, Google and Microsoft have joined forces in a rare intercorporate collaboration to create passwordless sign-in technology that relies on smartphones to sign-in. The tech giants announced last week that they are coordinating support for the passwordless sign-in standard, developed by the World Wide Web Consortium (W3C) and the FIDO (Fast Identity Online) Alliance. As a result, by the end of the year users of any of the three operating systems should be able to sign-in to any app or website when using supporting browsers from their nearby device.
Users will with the same action undertaken multiple times a day to unlock their smartphones be able to activate their FIDO login credentials, or “passkeys,” on multiple devices — even new ones — without having to re-enter the information or enroll each account. The login actions include fingerprint authentication, a face scan or entering a PIN.
“Instead of a password, devices could look for your phone over Bluetooth,” reports Ars Technica.
Human-managed passwords notoriously vulnerable to incursion — by guesses or through a robust suite of password-cracking software apps developed by and for hackers. Verizon estimates more than 80 percent of all data breaches are a result of the insufficiencies of passwords. The password managers and multi-factor authentication technologies that have become popular security measures are only marginally effective.
While Microsoft, Google and Apple have for years individually supported FIDO’s passwordless sign-in, users were still forced to login anew to each website or app from each of their devices before they could activate the passwordless protocol. “Over the next year, the three tech giants will implement passwordless FIDO sign-in standards across macOS and Safari; Android and Chrome; and Windows and Edge,” writes TechCrunch.
“This means that, for example, users will be able to sign in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device. This will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device,” according to TechCrunch.
Wired writes of a white paper released by FIDO detailing the passwordless specs, then notes “everything is now riding on the success of this next step,” consumer adoption: “Educating consumers about passwordless alternatives and getting them comfortable with the change has proven difficult.” But the movement is now in motion.
FIDO writes in its press announcement that “hundreds of technology companies and service providers from around the world worked within the FIDO Alliance and W3C to create the passwordless sign-in standards that are already supported in billions of devices and all modern web browsers.