In early 2020, Apple joined the FIDO Alliance, an open industry association created to increase the interoperability of authentication methods and reduce reliance on traditional passwords. Now Apple, Google, and Microsoft have committed to expanding support for the FIDO Standard, moving toward a universal “passwordless” sign-in method.
The new standard, which was created by FIDO and the World Wide Web Consortium, aims to allow apps and websites to offer a unified and secure login option across different devices and platforms. As the alliance pointed out, authentication that relies solely on passwords is more susceptible to security breaches, as many people have easy passwords or reuse them across services.
The three companies believe that while improvements in password management and two-factor authentication have made digital life safer, there’s still more they can do to protect users.
Both Apple, Google, and Microsoft already provide support for the FIDO Standard, but the current implementation still requires the user to log into each app or website on each device before enabling a passwordless sign-in method. That’s why they will now expand support for this new sign-in standard in their products.
Users will soon be able to access their FIDO credentials on all their devices without having to re-register for each account. Authentication will also work regardless of platform or web browser. More importantly, FIDO credentials will be offered as a single sign-in option, without the need for a password or recovery method.
Another addition to the standard is the ability to authenticate a new device using another nearby device that already has the credentials.
The benefits of FIDO
By replacing regular passwords, the new FIDO standard makes users less susceptible to phishing attacks, since authentication relies on biometrics stored on the user’s device, rather than a shareable password. It also eliminates the need for authentication codes sent via SMS, which can be spoofed by hackers.
When it comes to Apple platforms, apps and websites can already let users authenticate with Face ID or Touch ID instead of using a regular password. It’s worth noting that this technology is different from iCloud Keychain, which only uses biometrics to auto-fill your password and not replace it.
There are no details on when expanded FIDO support will arrive on Apple platforms, but we will likely hear more about it at WWDC 2022 in June. Google says it is working to make the technology available across Chrome, ChromeOS, and Android products, while Microsoft has said that it will build support across its apps and services.