Apple, Google and Microsoft have announced a joint effort to support a new type of online sign-in which could replace passwords and is designed to make the web more “secure and usable for all”.
The technology giants have agreed to support a new common passwordless sign-in standard which has been created by industry body the Fido Alliance and the World Wide Web Consortium.
The new standard, once in place, would allow people to sign in to websites and apps in the same way that they unlock their devices; such as by using a fingerprint or face scan to verify themselves, or by entering a device PIN.
— The FIDO Alliance (@FIDOAlliance) May 5, 2022Advertisement
The system will enable people to access and use their new passwordless sign-in credentials – known as a passkey – across different devices without having to sign in to every account again on each device.
The tech giants said the new system would also allow people to use a fingerprint or facial scan authentication on their smartphone as a way of signing in on another device nearby, regardless of which operating system or browser they were running.
This would reduce the need for people to remember a wide range of username and password combinations to log in to different services, they said, which often led to passwords being reused across multiple accounts – something experts said was one of the biggest security risks in the digital world.
Apple, Google and Microsoft said they hoped to start making these capabilities available across their platforms over the coming year.
“‘Simpler, stronger authentication’ is not just Fido Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines,” Fido Alliance executive director Andrew Shikiar said.
“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products.
“This new capability stands to usher in a new wave of low-friction Fido implementations alongside the ongoing and growing utilisation of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”
The announcement comes on World Password Day, and as cybersecurity experts called for the public and businesses to “drop passwords altogether” in order to better protect personal data.
Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”, adding that the industry needed to move on to newer technologies in order to boost security.