Some of the world’s biggest tech companies are throwing considerable weight behind a common passwordless sign-in standard that could finally signal the end of static credentials for many users.
Apple, Microsoft and Google announced plans to support the FIDO Alliance and World Wide Web Consortium (W3C) standard, making it easier for websites and apps to deliver end-to-end passwordless authentication via fingerprint/face scan or device PIN.
Although the companies already support passwordless log-ins, users previously had to sign in to each website or app separately on each device before they could use the functionality.
Under the new proposals, users will be able to automatically access their FIDO sign-in credentials or “passkey” on their devices, including new ones, without needing to re-enroll each account.
They will also be able to use their mobile device to sign in to apps or websites on “nearby” devices on any supported OS or browser, FIDO claimed.
The news means those using Android and iOS mobile operating systems, Edge, Safari and Chrome browsers, and Windows and macOS desktop operating systems will soon be able to say goodbye to passwords permanently.
That’s good news as it will remove a major weak link in the security chain that allows opportunistic attackers to hijack accounts and steal data by guessing, brute-forcing or buying passwords on the dark web.
It will also improve on legacy multi-factor authentication (MFA) methods such as sending passcodes via SMS, as these can be intercepted via SIM swapping and other techniques.
“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA).
“At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.