- Apple, Google and Microsoft will collaborate for a system created by the FIDO Alliance and the World Wide Web Consortium, which they say will allow for “faster, easier, and more secure sign‑ins.”
- Each company cited security concerns as a major driver behind the change, linking the use of passwords to phishing, scams, hacking and other security risks.
Passwords are plagued by a myriad of problems: they are costly and burdensome to manage, they cause poor user experiences, and they are easily compromised. In fact, Verizon’s “2021 Data Breach Investigations Report” found compromised credentials were involved in 61% of breaches. Tech giants like Apple, Google, Microsoft and others have long realized the issues with passwords and have been working towards eliminating them gradually.
“However, to really address password problems, we need to move beyond passwords altogether, which is why we’ve been setting the stage for a passwordless future for over a decade,” Google product manager and FIDO Alliance president Sampath Srinivas highlighted in a recent blog posting.
Therefore, for the first time, Apple, alongside Google and Microsoft, is joining hands to implement passwordless support for Android & Chrome using standards created by the FIDO Alliance and the World Wide Web Consortium. The move will simplify sign-ins across devices, websites, and applications irrespective of the platform, without the need for a single password. According to all three companies, the option will be available over the course of the coming year across macOS and Safari; Android and Chrome; and Windows and Edge.
“While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure,” Apple said in a press release recently. The FIDO Alliance is an open industry association with representatives from various leading tech companies, including Amazon, Google, and Meta—and they have been working towards the goal of a passwordless online world for years.
How will Apple, Google or Microsoft apply a passwordless future?
With a passwordless approach, users will simply have to unlock their phone when they need to sign into a website or app on it; their account won’t need a password anymore. Instead, their phone will store a FIDO credential called a passkey, which is used to unlock an online account. The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to the specific online account when the phone is unlocked.
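To make the public key idea concrete, here is a simplified model of a passkey sign-in, added as an illustration and not taken from Apple, Google, Microsoft or the FIDO specifications. The function names, the bank.example origins and the message layout are assumptions; real passkeys use the WebAuthn format, and the browser also refuses to offer a passkey to a different site.

```javascript
// Simplified passkey model (added example; not the real WebAuthn wire format).
const crypto = require('node:crypto');

// Registration: the phone creates a key pair for one site; the site keeps only the public key.
function createPasskey(rpOrigin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { rpOrigin, publicKey, privateKey };
}

// Phone side: sign the server's challenge together with the origin the browser reports.
function signAssertion(passkey, challenge, browserOrigin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin: browserOrigin }));
  return { clientData, signature: crypto.sign(null, clientData, passkey.privateKey) };
}

// Server side: accept only a valid signature over its own fresh challenge and its own origin.
function verifyAssertion(publicKey, expectedOrigin, expectedChallenge, assertion) {
  if (!crypto.verify(null, assertion.clientData, publicKey, assertion.signature)) {
    return 'bad-signature';
  }
  const data = JSON.parse(assertion.clientData.toString());
  if (data.challenge !== expectedChallenge) return 'stale-challenge';
  if (data.origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

// Constructed scenario: one genuine sign-in and three that the server must reject.
function demo() {
  const site = 'https://bank.example';                       // constructed origin
  const passkey = createPasskey(site);
  const challenge = crypto.randomBytes(32).toString('hex');  // fresh per sign-in
  const genuine = signAssertion(passkey, challenge, site);
  // Assertion produced while the browser was on a look-alike origin (constructed).
  const lookalike = signAssertion(passkey, challenge, 'https://bank-login.example');
  // Same bytes as the genuine assertion, but with the signed data altered afterwards.
  const altered = Buffer.from(genuine.clientData.toString().replace('bank', 'b4nk'));
  const newChallenge = crypto.randomBytes(32).toString('hex');
  return {
    genuine: verifyAssertion(passkey.publicKey, site, challenge, genuine),
    lookalike: verifyAssertion(passkey.publicKey, site, challenge, lookalike),
    replay: verifyAssertion(passkey.publicKey, site, newChallenge, genuine),
    tampered: verifyAssertion(passkey.publicKey, site, challenge, { ...genuine, clientData: altered }),
  };
}
```

Nothing the server stores or receives here can be reused as a password: the private key never leaves the phone, and each signature is tied to one challenge and one origin.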
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Google said in a separate blog posting.
This new collective commitment was also commended by the US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly, who called it “the type of forward-leaning thinking that will ultimately keep the American people safer online.” Prior to this, Microsoft had announced that it is doing away with passwords in some of its products, such as email, and allowing users to only have biometric access.