Google, Apple and Microsoft to expand support for passwordless sign-in standard
Jonathan Greig May 5, 2022

Apple, Microsoft and Google said they are building support for a common sign-in standard that would move platforms away from traditional passwords.

Apple, Google and Microsoft said they will be using a standard created by the FIDO Alliance and the World Wide Web Consortium that allows websites and apps to “offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.” The FIDO Alliance is an industry group created in 2012 to address the issues around passwords and phishing.

Google will implement passwordless support in Android and Chrome while Apple will do the same for iOS, macOS and Safari. Microsoft announced plans to join them in providing the same support in Windows and Edge.

The platforms will now use fingerprint or face verification, or a device PIN, as a way to sign in. The companies said the approach will be more secure than passwords and “legacy multi-factor technologies such as one-time passcodes sent over SMS.”

Apple, Google and Microsoft will allow their users to automatically access their FIDO sign-in credentials on many of their devices without having to re-enroll every account. The announcement also said the platforms will allow users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a statement.

“At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords.”

Sampath Srinivas, director of secure authentication at Google and president of the FIDO Alliance, said in a blog post on Thursday that the moves were made to “simplify sign-ins across devices, websites, and applications no matter the platform – without the need for a single password.”

He said Google was the first company to join the FIDO Alliance and in recent years, the company has pushed features like 2-Step Verification, Google Password Manager, Titan Security Keys, the Advanced Protection Program and built-in security for mobile devices.

“Google has long recognized that passwords offer weak protection against bad actors – a recent survey done with Ipsos, for example, found that 65% of all respondents use their credentials across various accounts,” Srinivas said. 

“It’s no secret that passwords are a pain and becoming less safe due to things like phishing scams, poor password hygiene and data breaches,” Srinivas added, noting that everyone needs “to move past passwords altogether, which is why we’ve been setting the stage for a passwordless future for over a decade.”

Srinivas explained that now when you sign in to a website or app on your phone, you will simply unlock your phone, meaning your account won’t need a password anymore.

Phones will now carry a FIDO credential called a passkey, which will be used to unlock online accounts.

For desktops and laptops, users will now be prompted on their phones when they sign in to websites. From then on, they can sign in to sites just by unlocking their computer.

A screenshot showing how the sign-in process will look. Image: Google

Even if you lose your phone, your passkeys will securely sync to your new phone from a cloud backup, allowing you to pick up where your old device left off, Srinivas said.

“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” said Microsoft vice president of identity program management Alex Simons. 

“By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.