The tech giants want to roll out FIDO passkey technology in the coming year
On May 5th, World Password Day, we may have taken another step toward making passwords obsolete.
Apple, Google, and Microsoft said on Thursday morning that in the coming year, they will create support for passwordless sign-in across all of their mobile, desktop, and browser platforms.
Passwordless authentication will be available in the near future on all major device platforms, including Android and iOS mobile operating systems, Chrome, Edge, and Safari browsers, and Windows and macOS desktop environments.
“We build our devices to be private and safe just as we design them to be intuitive and capable,” said Kurt Knight, Apple’s senior director of platform product marketing.
“Our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe — is central to our commitment to working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords.”
According to Google, a passwordless login method will allow consumers to use their phones as the primary authentication mechanism for apps, websites, and other digital services. Unlocking the phone with the default action — entering a PIN, drawing a pattern, or using fingerprint unlock — will be enough to sign in to web services without ever having to enter a password, thanks to the use of a unique cryptographic token called a passkey shared between the phone and the website.
The notion is that by making logins dependent on a physical device, users will benefit from both ease and security.
There will be no need to remember login data across services or risk security by reusing the same password in many locations if you don’t have a password.
Similarly, because signing in requires access to a physical device, a passwordless system will make it much more difficult for hackers to remotely compromise login details; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much more difficult to mount.
Microsoft’s vice president of security, compliance, identity, and privacy, Vasu Jakkal, underlined the degree of platform compatibility.
“You can sign in to an app or service on practically any device with passkeys on your mobile device, regardless of the platform or browser the device is running,” Jakkal said in an emailed statement.
“For example, on a Google Chrome browser operating on Microsoft Windows, users can sign in using a passkey on an Apple device.”
Users will simultaneously benefit from simplicity and security
The cross-platform feature is enabled via the FIDO standard, which uses public key cryptography principles to provide passwordless login and multi-factor authentication in a variety of situations.
When a user’s phone is unlocked, it can store a unique FIDO-compliant passkey and share it with a website for authentication.
Passkeys may also be simply synchronised to a new device from cloud backup in the event that a phone is misplaced, according to Google’s website.
Despite the fact that many popular programmes already supported FIDO authentication, initial sign-on required the use of a password before FIDO could be setup, leaving users vulnerable to phishing attacks in which passwords were intercepted or stolen along the route.
“This expanded FIDO support announced today will enable websites to implement an end-to-end passwordless experience with phishing-resistant security for the first time,” Srinivas said. “This includes both the first and subsequent logins to a website. We’ll finally have the internet platform for a genuinely passwordless future when passkey support becomes accessible across the industry in 2022 and 2023.”
Apple, Google, and Microsoft have all stated that the new sign-in capabilities will be accessible across platforms in the coming year, though no precise timeline has been given. Despite the fact that the plot to murder the password has been ongoing for years, there are indicators that it may have finally succeeded this time.
