In early 2020, Apple joined the FIDO Alliance, an open industry association created to improve interoperability of authentication methods and reduce reliance on traditional passwords. Now, Apple, Google, and Microsoft have committed to expanding support for the FIDO standard to introduce a universal "passwordless" login method.
The new standard, developed by FIDO and the World Wide Web Consortium, is designed to enable apps and websites to offer a consistent and secure login method across devices and platforms. The alliance points out that authentication that relies solely on passwords is more vulnerable to security breaches because many people have simple passwords or reuse them across multiple services. The three companies believethat while improvements in password management and two-factor authentication have made digital life more secure, they can do more to protect users.
FIDO credentials are offered as a single sign-in option
Apple, Google, and Microsoft all already offer support for the FIDO standard. However, the current implementation still requires users to log into each app or website on each device before they can enable a passwordless login method. So they will now expand support for this new login standard in their products. Soon, users will be able to access their FIDO credentials on all their devices without having to log in for each account. Authentication will also work regardless of the platform or web browser. More importantly, FIDO credentials will be offered as a single sign-in option, without the need for a password or recovery method. Another innovation in the standard is the ability to authenticate a new device with another nearby device that already has the credentials.
The advantages of FIDO summarized
The new FIDO standard replaces traditional passwords and makes users less vulnerable to phishing attacks because authentication relies on biometric data stored on the user's device rather than a shared password. It also eliminates the need to send authentication codes via SMS that can be forged by hackers. On Apple's platforms, apps and websites can already authenticate with Face ID or Touch ID instead of using a regular password. This technology is different from iCloud Keychain, which only uses biometric data to autofill your password but does not replace it.
Further details could follow at WWDC 2022
There are no details yet on when expanded FIDO support will be available on Apple's platforms. We'll likely hear more about it during WWDC 2022 in June. Google says it's working on making the technology available in Chrome, ChromeOS and Android products, while Microsoft has said it plans to expand support across its apps and services. (Photo by DenPhoto / Bigstockphoto)
