Apple, Google and Microsoft have announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The FIDO Alliance is an open industry association launched in February 2013 whose mission is to “Help reduce the world’s over-reliance on passwords”.
The new capabilities will allow users to sign in through the same actions they take each day to unlock their devices every day, like the fingerprint scanner on Android phones, Touch ID and Face ID on iPhones and device PINs, etc.
According to the FIDO Alliance, this new approach will protect against phishing, making sign-ins more secure when compared to passwords and legacy multi-factor authentication technologies such as OTPs (one-time passwords) sent over SMS.
These companies’ platforms already supported FIDO standards that enable passwordless sign-in on many devices but the previous implementations required users to sign in to each website or app with each device before they can use the passwordless functionality. With the latest announcement, these companies will extend the implementation to give users two new capabilities:
First, it will allow users to automatically access their FIDO sign-in credentials on many devices including new ones, without having to re-enroll every account. Second, it will enable users to use FIDO authentication on their mobile devices to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance, in a press statement.
These new capabilities could be rolled out to Apple, Microsoft and Google platforms either this year or by the next.