Apple, Google And Microsoft Join Forces In Huge Push For Passwordless FIDO Logins

Admit it, you use the same password for multiple sites. Even if you don't, a lot of people do because it's just too darn difficult to juggle separate login credentials for a multitude of services and websites that you use or visit on a regular basis. Maybe you employ a password manager to keep track of everything, or create unique logins for just the really important sites, like your banking institution. Well forget all that, because some of the biggest names in tech—Apple, Google, and Microsoft—are coming together to push for a passwordless future.

Apple, Google, and Microsoft don't always see eye-to-eye with one another, but they do when it comes to supporting a common passwordless sign-in standard. All three companies are throwing their weight behind FIDO authentication, which is promoted by the FIDO Alliance and the World Wide Web Consortium (W3C).

"‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline—it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products," said Andrew Shikiar, executive director and CMO of the FIDO Alliance.

FIDO authentication aims to deliver "end-to-end" passwordless sign-ins for sites, services, and apps using the same mode of verification that most people already use on their smartphone or PC. For example, if you unlock your smartphone with a PIN, face recognition, or fingerprint scan, the same method would authenticate you on whatever supported app or service you're logging into.

This is not a new concept by any stretch, and the push for a passwordless future has been in play for years by companies like Microsoft, Google, and others. What is new, however, is the team effort towards a single standard to enable passwordless sign-ins on billions of devices.

The end-to-end aspect is important, too. Instead of requiring an initial sign-in with a password to configure FIDO (and with the same phishing risks), the FIDO Alliance and its partners are extending support for the platform's implementations with two new key capabilities:

  1. Allow users to automatically access their FIDO sign-in credentials (referred to by some as a 'passkey') on many of their devices, even new ones, without having to re-enroll every account.
  2. Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

This is not only more secure than traditional passwords, it also stands to be hugely more convenient, considering just about everyone owns a smartphone, tablet, or both. If you're trying to sign into a supported service on your PC, you would just unlock your phone, which stores your FIDO credential. That passkey is based on public key cryptography and is only shown to your online account when you unlock your device.
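
To make the public key idea concrete, here is an added sketch (not code from the FIDO Alliance or any of the vendors) of a passkey sign-in as a challenge and response in Node.js. It is a simplified model of WebAuthn: the function names, the exact-hostname site check, and the `example.com` values are assumptions made for the illustration.

```javascript
// Added illustration: simplified model of a FIDO sign-in, not the full WebAuthn wire format.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Enrollment: the device makes a key pair scoped to one site (rpId). The private
// key stays on the device; the site stores only the public key.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, publicKey, privateKey };
}

// Device and browser side. The browser, not the page, supplies the origin.
// Assumption: site matching is simplified to an exact hostname comparison.
function signAssertion(passkey, challenge, origin, userUnlocked) {
  if (!userUnlocked) throw new Error('device locked');
  if (new URL(origin).hostname !== passkey.rpId) throw new Error('no passkey for this site');
  const clientData = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const authData = sha256(passkey.rpId); // real authenticator data also carries flags and a counter
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientData)]), passkey.privateKey);
  return { clientData, authData, signature };
}

// Server side: check the challenge, origin and site hash, then the signature.
function verifyAssertion(a, publicKey, expected) {
  const cd = JSON.parse(a.clientData.toString());
  if (cd.challenge !== expected.challenge.toString('base64url')) return 'stale challenge';
  if (cd.origin !== expected.origin) return 'wrong origin';
  if (!a.authData.equals(sha256(expected.rpId))) return 'wrong site';
  const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed sample values: example.com stands in for the real service.
function demo() {
  const passkey = createPasskey('example.com');
  const expected = { rpId: 'example.com', origin: 'https://example.com',
    challenge: crypto.randomBytes(32) };
  const good = signAssertion(passkey, expected.challenge, expected.origin, true);
  let lookalike;
  try { signAssertion(passkey, expected.challenge, 'https://examp1e.test', true); }
  catch (e) { lookalike = e.message; }
  const later = { ...expected, challenge: crypto.randomBytes(32) };
  return { genuine: verifyAssertion(good, passkey.publicKey, expected), lookalike,
    replayed: verifyAssertion(good, passkey.publicKey, later) };
}
console.log(demo());
```

The service never holds a secret that can be typed into a look-alike page or reused after a breach: it keeps only the public key, and each signature covers a fresh challenge plus the site it was made for.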

What if you lose your phone and replace it with a new one? That could be a problem, though your passkeys will securely sync to your new handset from a cloud backup, Google explains.

Apple, Google, and Microsoft have all said they expect passwordless logins to be available across their platforms over the course of the coming year.