November 26, 2022

Apple, Google and Microsoft collaborate to support passwordless FIDO logins

On May 5th – World Password Day – we may be one step closer to having passwords become a thing of the past.

In a joint effort, tech giants Apple, Google and Microsoft announced Thursday morning that they have committed to building support for passwordless login across all mobile, desktop and browser platforms they control in the coming year. Effectively, that means passwordless authentication will reach all major hardware platforms in the not too distant future: Android and iOS mobile platforms; Chrome, Edge and Safari browsers; Windows and macOS desktop environments.

“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s senior director of platform product marketing. “Working with the industry to create new, more secure login methods that provide better protection and eliminate password vulnerabilities is fundamental to our commitment to building products that provide maximum security and a transparent user experience – all with the goal of keeping users’ personal information safe.”

Representation of login without password
Photo: FIDO Alliance

The passwordless login process will allow users to choose their phone as the main authentication device for apps, websites and other digital services, Google explained in a blog post published Thursday. Unlocking the phone with whatever is set as the default (entering a PIN, drawing a pattern or using fingerprint unlock) will be enough to log into web services without having to enter a password at all. This is made possible through the use of a unique token called a passkey that is shared between the phone and the website.

By making logins conditional on a physical device, the idea is that users will simultaneously benefit from simplicity and security. Without a password, there will be no obligation to remember login details across services or to jeopardize security by reusing the same password in multiple places. Likewise, a passwordless system would make it more difficult for hackers to compromise login details remotely, because login requires access to a physical device; in theory, phishing attacks in which users are directed to a fake website to capture passwords would be much more difficult.

Vasu Jakkal, Microsoft’s Vice President of Security and Compliance, Identity and Privacy, emphasized the degree of cross-platform compatibility. “By using passkeys on your mobile device, you can log into an app or service on virtually any device, regardless of which platform or browser the device is running,” Jakkal said in an emailed statement. For example, users can sign in to the Google Chrome browser running on Microsoft Windows using a passkey on an Apple device.

Cross-platform functionality is made possible by a standard called FIDO, which uses public key cryptography principles to enable passwordless authentication and multi-factor authentication in a range of contexts. The user’s phone can store a unique FIDO-compliant passkey and will only share it with a website for authentication when the phone is unlocked. As per Google’s post, passkeys can also be easily synced to a new device from a cloud backup in case the phone is lost.

Although many popular applications already include FIDO authentication support, the initial login requires a password before FIDO is configured, which means users are still vulnerable to phishing attacks that see passwords intercepted or stolen along the way.

But the new measures will eliminate the initial password requirement, Sampath Srinivas, Google’s director of product management for secure authentication and president of the FIDO Alliance, said in an email statement sent to The Verge.

“This expanded FIDO support announced today will allow websites to implement, for the first time, a comprehensive password-free trial with phishing-resistant security,” said Srinivas. “This includes both first website login and login frequency. When passkey support becomes available across the industry in 2022 and 2023, we will finally have an online platform for a truly password-free future.”

So far, Apple, Google, and Microsoft have said they expect the new login capabilities to become available across platforms next year, although no more specific roadmap has been announced. Although plans to kill the password date back years, there are signs that, this time around, they may have finally worked.