On World Password Day, May 5, tech giants Microsoft, Apple, and Google have announced unanimously their commitment to soon implementing passwordless sign-in across all of their mobile, desktop, and browser platforms.
Passwordless authentication will be coming this year to all main platforms including Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop.
Senior director of platform product marketing at Apple, Kurt Knight said, “Just as we design our products to be intuitive and capable, we also design them to be private and secure. Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
A report by The Verge reveals that a passwordless login process will allow users to choose their phones as the main authentication device for all apps, websites, and other digital services.
Google detailed in a blog post that unlocking the phone with just the default action would be enough to sign in to web services. Using a unique cryptographic token called a passkey shared between phone and website, sign-ins will be possible without the need to enter a password.
A passwordless system will make user sign-in simple, offering security and making it more difficult for hackers to compromise login details.
Microsoft’s vice president for security, compliance, identity, and privacy, Vasu Jakkal, stated in an email, “With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running. For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.”
The new feature will be possible using a standard called FIDO which uses the principles of public-key cryptography to enable passwordless authentication and multi-factor authentication. A phone can store a unique FIDO-compliant passkey which can be shared with a website for authentication when the phone is unlocked.
Product management director for secure authentication at Google and president of the FIDO Alliance, Sampath Srinivas, made a statement to The Verge, “This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security,” said Srinivas. “This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we’ll finally have the internet platform for a truly passwordless future.”
Apple, Google, and Microsoft aim to introduce the feature this year even though the new passwordless sign-in capabilities had been in the works for a while,