Technology giants Apple, Google, and Microsoft have announced the development of a password-free sign-in for all mobile, fixed, and browser platforms they control. Instead of passwords, they are going to introduce FIDO technology next year.
This means that password-free authentication will come out on all major platforms:
- Android and iOS mobile OS
- Chrome, Edge and Safari
- desktop Windows and macOS
Authentication in applications, sites and other digital services will be done using a phone that can be used for passwordless sign-in. Google gave a detailed explanation about this in a post published on Thursday.
To log in to web services, it will be enough to unlock the phone in any way – by entering a PIN, graphic key, or fingerprint. Authentication will be handled by a unique cryptographic token called an “access key” shared by the phone and the site.
“Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” said Kurt Knight, Apple’s Senior Director of Platform Marketing.
The idea is that the sign-in will depend on the physical device. Users will not have to memorize many sign-in settings for different services or compromise security by using the same passwords in many places. It will also make it harder for hackers to access their accounts, as they require a physical device to log in, and phishing attacks in which users are directed to a fake site to retrieve a password.
FIDO standard will provide cross-platform operation of passwordless sign-in. It uses the principles of public key cryptography to implement password-free and multi-factor authentication as needed.
The user’s phone can store a unique, FIDO-compliant key and provide it to the website for authentication only when the phone is unlocked. Access keys can be easily synchronized with a new device via cloud backup if the phone is suddenly lost.
You will still need to use a password to set up your FIDO before signing in. However, new developments should eliminate this requirement.
“Extended FIDO support will allow websites to introduce end-to-end passwordless access with phishing protection. This applies to both first and second sign-in. When support for access keys comes out in the industry in 2022 and 2023, we will finally have an online platform for a truly password-free future,” said Sampath Srinivas, President of FIDO Alliance.