Passwordless sign-in to be adopted by Apple, Microsoft & Google

It started with simple PIN codes, before moving to biometric ID like fingerprints and using your face to unlock your device. Now, Apple, Google and Microsoft have committed to the move towards passwordless sign-in. Supporting a standard created by the FIDO Alliance and World Wide Web Consortium, these three tech giants will help consumers move towards a more consistent and secure authentication process across all platforms.

Enhanced online security with passwordless sign-in

Password-based security has historically been poor. Just last year, the string ‘123456’ was supposedly still being used by 23 million account holders. Many people still use the same password for multiple accounts, or for both work and personal accounts. Password manager software exists for juggling multiple sets of credentials, but most people still don't use it: frequently cited adoption figures from numerous sources sit somewhere between 25% and 50%, depending on region.

Clearly, a change is needed to force consumers to adopt better security practices. Well, the new FIDO standards underpinning the move towards passwordless sign-in should offer us all some peace of mind.

Under FIDO guidance, companies will be able to configure their applications and websites to offer an authentication process that does not rely on the traditional username and password credentials. All being well, it should mean a significant drop in phishing attacks, which remain one of the biggest online security risks to both consumers and businesses.

Changes coming as soon as 2023

Apple, Google and Microsoft's pledge to switch to passwordless sign-in should create serious waves in the cybersecurity and consumer software industries. It's said that the three tech giants are looking to add new capabilities as early as 2023. Under these changes, you'll be able to access a unique FIDO passkey on your device, and even use one device to authenticate on another.

How will FIDO authentication work?

If you're familiar with how cryptocurrency and the blockchain work, the process isn't too dissimilar. Upon registering for a new application or website, you'll generate a key pair: a public key and a private key. The private key will remain stored on your device, whereas the public key will be registered with the service you've signed up for. When authenticating, you'll have to prove that the associated private key is still in your possession. This will work with the authentication methods we're already familiar with, for example Touch ID, Face ID and so on.

In addition to streamlining the login process for all of your apps and services, the hope is that these changes will strengthen online security for all. While passwordless sign-in is not an entirely new concept, it’s hoped that the changes will expand knowledge and availability of this highly secure authentication method to the wider public.

These companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality. Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins:

(1) Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account.

(2) Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
— FIDO Alliance, 2022
