Apple, Google and Microsoft to use new FIDO standard for passwordless sign‑ins


On the World Password Day, Apple, Google, and Microsoft have announced efforts to increase support for the FIDO Alliance, an open industry association tasked with developing and supporting authentication standards, and the World Wide Web Consortium’s passwordless sign-in standard. The new approach will help websites and apps to provide consumers with consistent, safe, and easy passwordless sign-ins across devices and platforms.

The FIDO Standard is already supported by Apple, Google, and Microsoft, but the present implementation still needs the user to authenticate into each app or website before activating a passwordless sign-in mechanism.

But, the new implementation will soon let users be able to utilize their FIDO credentials such as a simple verification of their fingerprint or face, or a device PIN, across many devices without having to sign up again.

To authenticate a user, any web browser or platform can be utilized. There will be a single sign-in option with FIDO credentials, with no need for a password or recovery method. The ability to verify a new device using the credentials of another nearby device regardless of OS is another feature added to the new standard.

Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.

In the future, this new approach from FIDO will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method.

These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year.

Regarding this announcement, Andrew Shikiar, executive director and CMO of the FIDO Alliance, said,

Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,

This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.

Source