Apple, Google, Microsoft Commit to Passwordless Sign-in

Cropped image of a woman working on a laptop wearing a smartwatch

Apple, Google, and Microsoft have announced that they will expand support for a common passwordless sign-in standard across their ecosystems. The standard, developed by the FIDO Alliance and the World Wide Web Consortium (W3C), aims to improve security and simplify signing in to different websites and apps.

Members of the global tech industry worked with FIDO Alliance and WC3 to develop the passwordless authentication standard. The three tech giants already support passwordless sign-in on their respective platforms. Now, they are working to improve upon this by adding new capabilities for users through the coming year.

Passwordless Sign-in Standards Offer More Security and Convenience

Password-only authentication is a major security issue. Many internet users find managing multiple passwords across platforms very difficult. This often leads to the recycling of the same password on multiple websites and services, which is a dangerous practice. A password leak can lead to data breaches, account takeovers, and identity theft.

Password managers and legacy forms of multi-factor authentication (MFA) represent a slight improvement in the status quo. However, as we have reported in the past, password managers are vulnerable to cyberattacks, and MFA has been ineffective at stopping hackers. FIDO standards offer a more secure and easy-to-use passwordless sign-in process.

These standards will allow websites and apps to offer an end-to-end passwordless option. The widespread adoption of FIDO Alliance standards is expected to protect against phishing attacks as it is more secure than legacy MFA techniques such as one-time passwords sent over SMS.

Apple, Google, Microsoft to Add New Capabilities by Next Year

At the moment, users have to sign in to the Apple, Google, and Microsoft website or app individually on their different devices before they can use the passwordless feature. However, that could change next year as these tech companies expand support for FIDO standards.

With the new capabilities, users will be able to access their FIDO passkey on different devices without having to re-enroll each account. Also, users will be able to use FIDO authentication on a mobile device to sign in to an app or website on another device, irrespective of the OS or browser they are using.

“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” Andrew Shikiar, FIDO Alliance’s executive director and CMO, said.

“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication,” he added.

How FIDO Authentication Works

FIDO standards work with private and public keys. When you sign up to a website or app, your device generates new private and public keys. The private key is stored on your device while the public key is registered with the online platform.

To sign in to a website or app, you must prove that you have the private key. You can do this with the same simple actions used to unlock your device. For example, you can use your fingerprint, face verification, voice, or device PIN to sign in to your account.

The FIDO standard is not only user-friendly, but it is also more secure and does a better job of protecting user privacy.

Until passwordless sign-in becomes ubiquitous, we recommend using a highly secure password for all your online accounts. Check out our ultimate guide to creating a secure password to learn how passwords get hacked and how to protect yourself online.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.