Apple, Google, and Microsoft are in the process of pivoting to passwordless sign-ins for accessing websites and apps across their devices and platforms. The companies announced their joint support for a system created by the FIDO Alliance and the World Wide Web Consortium in a press release on Thursday, which they say will allow for “faster, easier, and more secure sign‑ins.”
Representatives from each company cited security concerns as a major driver behind the change, linking the use of passwords to phishing, scams, hacking and other security risks. There’s also the pesky problem of having to remember countless logins. These weaknesses have led to a rise in two-factor authentication and password managers in recent years, as well as passkeys that can be utilized across devices.
However, experts say this new method will offer an additional level of security by linking logins directly to devices (as opposed to having to send data and authenticate identity via a remote server), plus an ease of implementation since the same standards will work across products. FIDO says that its process for login uses public key cryptography techniques, which generate a paired public and private key for the local device and the user’s account. While the public key can be sent online and used to interact across different services or devices, the private key and information about local authentication, like fingerprint data, will never leave the device.
“The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option,” Apple’s press release explains. “This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.”
Here’s what password-free logging in will look like, according to a Google blog post: Users will set up authentication actions like entering a PIN code to unlock their devices (Apple says that fingerprint and Face ID will also be an option for its products). Once unlocked, users will not need to log in to any additional participating apps or browsers, as the FIDO Alliance utilizes a passkey credential to do that for you.
As Google explains, the system is “based on public key cryptography” and only provides your credentials once your device has been unlocked. The passkey system has the capability to connect to the cloud so that new devices can be onboarded under your same account, as well.
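The key-pair sign-in described above, and the rule that credentials are only used once the device is unlocked, can be sketched as a simplified model in Node.js. This is an added example, not code from FIDO, Apple, Google or Microsoft, and not the WebAuthn wire protocol; the `Device`, `Service` and `demo` names, the random-challenge step and the sample PIN are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical device-side authenticator: the private key never leaves this object.
class Device {
  #privateKey; #pin; #unlocked = false;
  constructor(pin) { this.#pin = pin; }
  unlock(pin) { this.#unlocked = (pin === this.#pin); return this.#unlocked; }
  // Registration: create a key pair and hand out the public half only.
  register() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#privateKey = privateKey;
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Sign-in: sign the service's challenge, but only while the device is unlocked.
  sign(challenge) {
    if (!this.#unlocked) throw new Error('device locked');
    return crypto.sign('sha256', challenge, this.#privateKey);
  }
}

// Hypothetical service: stores public keys only and issues one-time random challenges.
class Service {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  challenge(user) {
    const c = crypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user); // each challenge is single use, so a replay fails
    if (!c || !this.keys.has(user)) return false;
    return crypto.verify('sha256', c, this.keys.get(user), signature);
  }
}

function demo() {
  const device = new Device('4921'); // constructed sample PIN
  const service = new Service();
  service.enroll('alice', device.register());
  let lockedRefused = false;
  try { device.sign(service.challenge('alice')); } catch { lockedRefused = true; }
  device.unlock('4921');
  const sig = device.sign(service.challenge('alice'));
  const firstLogin = service.verify('alice', sig);
  const replay = service.verify('alice', sig);   // challenge already consumed
  service.challenge('alice');
  const staleSig = service.verify('alice', sig); // signature over an older challenge
  return { lockedRefused, firstLogin, replay, staleSig };
}
```

The service's database holds nothing that can produce a valid signature, so a leak of its stored public keys does not let anyone sign in.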
The FIDO Alliance—an open industry association with representatives from many leading tech companies, including Amazon, Google, and Meta—has been working towards the goal of a passwordless online world for years. This marks a significant turning point in the adoption of its standards, as well as the ability to fully eschew password access. These standards are expected to be implemented across all three companies within the coming year.