Apple, Google and Microsoft take new step towards a ‘passwordless future’

5 May 2022

Image: © selinofoto/Stock.adobe.com

On World Password Day, the tech giants have committed to support a passwordless FIDO sign-in standard across their devices and platforms.

Three tech giants are making moves towards a future without passwords, as Apple, Google and Microsoft have committed to expand support for alternative sign-in methods.

On World Password Day (today, 5 May) the three companies shared plans to support a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.

These companies already support passwordless sign-in options, but usually require users to sign in to each website or app before they can use passwordless functionality.

Over the next year, the tech giants will expand this support and allow users to automatically access their FIDO sign-in credentials without having to sign in to every account. Users will also be able to use FIDO authentication mobile devices to sign in to an app or website on a nearby device, regardless of the operating system or browser they are running.

“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” Google senior director of product management Mark Risher said.

“For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future.”

FIDO, an open industry association that is looking to reduce reliance on passwords, described password-only authentication as “one of the biggest security problems” on the web. This is because many users end up reusing the same password across multiple services, which can lead to data breaches and account takeovers.

The alliance said that through expanded standards-based capabilities, users can sign in to accounts and apps by using the same action they take to unlock their devices, such as a fingerprint or a device PIN.

FIDO said this is more secure than passwords or “legacy multifactor technologies” such as one-time passwords being sent through email or text.

“Ubiquity and usability are critical to seeing multifactor authentication adopted at scale, and we applaud Apple, Google and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” FIDO Alliance CMO Andrew Shikiar said.

“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilisation of security keys – giving service providers a full range of options for deploying modern, phishing-resistant authentication,” Shikiar added.

Many security experts are advocating for passwordless-authentication methods to minimise the risk of breaches. However, Craig Lurey, CTO and co-founder of cybersecurity company Keeper Security, told SiliconRepublic.com last year that “no matter how much we innovate, passwords are here to stay”.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com