May 5 2022
Apple, Google, and Microsoft are committed to expanding support for the FIDO standard to accelerate password-free sign-in
Faster, easier, and more secure logins will be available to customers across leading devices and platforms
Mountain View, California In a joint effort to make the Web more secure and usable for everyone, Apple, Google, and Microsoft today announced plans to expand support for the subscriber password-less sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consumers consistent, secure and easy password-free logins across devices and platforms.
Password-only authentication is one of the biggest security issues on the web, and managing many passwords is cumbersome for consumers, often resulting in the same words being reused across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. Although password managers and older forms of two-factor authentication are offering incremental improvements, there has been industry-wide collaboration to create a more convenient and secure login technology.
Expanded, standards-based capabilities will give websites and apps the ability to offer an end-to-end password-free option. Users will sign in through the same procedure they do multiple times each day to unlock their device, such as a simple verification of their fingerprint, face, or device PIN. This new approach protects against phishing and logging in will be radically more secure when compared to old multifactor passwords and technologies such as one-time passcodes sent via SMS.
Expand the standard support without password
Hundreds of technology companies and service providers from around the world have worked within the FIDO Alliance and the W3C to create the passwordless login standards that are already supported on billions of devices and all modern web browsers. Apple, Google, and Microsoft led the development of this expanded set of capabilities and are now building support into their respective platforms.
These companies’ platforms already support FIDO Alliance standards to enable passwordless login on billions of industry-leading devices, but previous implementations required users to sign into every website or app with every device before they could use the passwordless functionality. Today’s announcement expands these platform apps to give users new password-less login capabilities more seamlessly and securely:
- Allow users to automatically access their FIDO login credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-register each account.
- Enable users to use FIDO authentication on their mobile device to log into an app or website on a nearby device, regardless of the underlying operating system or browser they’re running.
In addition to facilitating a better user experience, broad support for this standards-based approach will enable service providers to provide FIDO credentials without the need for passwords as an alternative method of logging in or account recovery.
These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the next year.
“Simpler, Stronger Authentication” isn’t just the motto of the FIDO Alliance – it’s also been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability is critical to the vision of multi-factor authentication being widely adopted, and we applaud Apple, Google and Microsoft for helping make this goal a reality by committing to supporting this user-friendly innovation across their platforms and products,” said Andrew Shekiar, CEO and Marketing Director of the FIDO Alliance “This new capability will usher in a new wave of low-friction FIDO implementations combined with the continued and increasing use of security keys – giving service providers a full range of options to deploy modern, phishing-resistant authentication.”
“The standards developed by the FIDO Alliance and the World Wide Web Consortium and led by these hands-on innovative companies are the kind of forward-thinking that will ultimately make the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility to service providers and an experience A better user for customers,” said Jane Eastry, director of the US Agency for Cybersecurity and Infrastructure Security. “At CISA, we are working to raise the bar for essential cybersecurity for all Americans. Today is an important milestone in the security journey to encourage embedded security best practices and help us bypass passwords. Cyber is a team sport, and we are excited to continue our collaboration.”
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s senior director of platform product marketing. “Working with the industry to create new, more secure login methods that provide better protection and eliminate password vulnerabilities is fundamental to our commitment to building products that provide maximum security and a transparent user experience – all with the goal of keeping users’ “personal information safe.”
“This achievement is a testament to the collaborative work being done across the industry to increase protection and eliminate legacy password-based authentication,” said Mark Reacher, Google’s senior director of product management. “For Google, this represents nearly a decade of work that we have done alongside FIDO, as part of our ongoing innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage developers to Apps and websites to adopt it, so people around the world can safely stay away from the dangers and hassles of passwords.”
“The complete transition to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be more secure, easier, and faster than the old passwords and multifactor authentication methods in use today,” says Alex Simmons, corporate vice president, management Microsoft Identity Program. “By working together as a cross-platform community, we can finally achieve this vision and make significant progress toward password removal. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft applications and services.”
About the FIDO Alliance
FIDO Alliance (Fast IDentity Online), www.fidoalliance.org, in July 2012 to address the lack of interoperability between strong authentication technologies, and to address problems users encounter in creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with Standards Simpler, stronger authentication defines a set of open, scalable, and interoperable mechanisms that reduce dependency on passwords. FIDO authentication is stronger, private, and easier to use when authenticating online services.
Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with the iPhone, iPad, Mac, Apple Watch, and Apple TV. Apple’s five software platforms — iOS, iPadOS, macOS, watchOS and tvOS — deliver seamless experiences across all Apple devices and empower people with cutting-edge services including the App Store, Apple Music, Apple Pay and iCloud. Apple’s 100,000+ employees are dedicated to making the best products on earth, and leaving the world in better shape than we found it.
Google’s mission is to organize information around the world and make it useful and accessible to everyone. Through products and platforms such as Search, Maps, Gmail, Android, Google Play, Google Cloud, Chrome and YouTube, Google plays a meaningful role in the daily lives of billions of people and has become one of the world’s most globally recognized companies. Google is a subsidiary of Alphabet Inc.
Microsoft (Nasdaq “MSFT” microsoft) is enabling digital transformation for the era of smart cloud and smart edge. Its mission is to empower every person and every organization on the planet to achieve more.
Click on Contacts
Apple Media Help Line