Apple, Google, Microsoft expand their support for password-less sign-ins

Apple, Google and Microsoft are expanding support for a common password-less sign-in standard created by the FIDO Alliance and World Wide Web Consortium.

The FIDO Alliance said the move will allow websites and apps to offer consistent, secure, and easy password-free sign-ins to users across devices and platforms.

The expanded FIDO Standard will give websites and apps the ability to offer an end-to-end password-less sign-in option, enabling users to sign in through the same action they use to unlock their devices – such as a fingerprint, face verification or device PIN.

The new capabilities are expected to be implemented across Apple, Google, and Microsoft platforms over the course of this year. FIDO said this new approach will provide better protection over legacy multi-factor authentication to better protect against malicious attacks such as phishing.

“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines,” commented Andrew Shikiar, executive director and CMO of the FIDO Alliance.

“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products.”

Password-only authentications is recognised as one of the biggest security issues on the internet today. With consumers requiring so many passwords in the modern landscape, many will often reuse the same ones across different platforms to help keep things simple.

However, this can make them more vulnerable to account takeovers, data breaches and, in the more extreme cases, even stolen identities.

To help create the new password-less sign-in standards, hundreds of tech companies and service providers from around the world have pulled together to get things in shape.

Many platforms already support FIDO Alliance standards, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality.

With this announcement, users will now be able to automatically access their FIDO sign-in credentials on many of their devices without needing to re-enroll every account. They’ll also be able to use the FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of OS.

“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication,” Shikiar added.