Apple, Google, and Microsoft have joined together in a rare display of cooperation to expand support for passwordless logins across mobile, desktop, and browsers. According to Verizon’s annual data breach report, passwords are infamously unsafe, with weak and easily guessable credentials responsible for more than 80% of all data breaches. While password managers and multi-factor technologies provide incremental improvements, Apple, Google, and Microsoft are collaborating to develop easier and secure sign-in technology.
The tech giants announced on Thursday that they are expanding support for the FIDO Alliance and the World Wide Web Consortium’s password-free sign-in standard, which means you’ll soon be able to sign in to an app or website on a nearby device using your smartphone, regardless of the operating system or browser you’re using. You’ll unlock your smartphone using the same activity you do several times a day, such as a fingerprint verification, a facial scan, or a device PIN. Users will also be able to use their FiDO sign-in credentials, or “passkeys,” on numerous devices — even new ones — without having to re-enroll each account.
While the three firms have long supported the FIDO Alliance’s passwordless sign-in standard, users must still sign into each website or app with each device before using the passwordless functionality. The three tech titans will roll out passwordless FIDO sign-in standards across macOS and Safari, Android and Chrome, and Windows and Edge over the next year. This implies that customers will be able to sign in using a passkey on an Apple device on a Google Chrome browser operating on Microsoft Windows. Because logging in involves access to a physical device, hackers will have a much harder time compromising login data remotely.
In a press release, Apple’s senior director of platform product marketing, Kurt Knight, said, “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.” Jen Easterly, head of the US Cybersecurity and Infrastructure Security Agency (CISA), praised the new collective commitment, calling it “the sort of forward-leaning thinking that will ultimately keep the American people safer online.”
“At CISA, we’re aiming to improve all Americans’ cybersecurity baseline,” Easterly said. “Today marks a significant step forward in the security journey to encourage built-in security best practices and assist us in moving beyond passwords.” Cyber is a team sport, and we’re excited to keep working together.” While the password has so far resisted several attempts to eliminate it for good, this might be the final nail in the coffin.