Technology firms Apple, Google and Microsoft have committed to support the password-free sign-in standards created by the US-based Fido Alliance and World Wide Web Consortium (W3C).
The new capabilities will allow websites and apps to offer “consistent, secure and passwordless sign-ins” to consumers across devices and platforms, Fido Alliance said in a statement on Thursday.
It will make the web “more secure and usable” for all, it said.
“Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale … we applaud Apple, Google and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and chief marketing officer of Fido Alliance.
Founded in 2012, Oregon-headquartered Fido Alliance is an open industry association with a mission to help reduce the world’s over-reliance on passwords. Its Fido authentication enables password-only logins to be replaced with “secure and fast” sign-in processes such as fingerprints and voice and facial recognition.
Password-only authentication is currently one of the biggest security problems on the web.
With consumers struggling to remember different passwords, they tend to reuse the same ones across different services and devices.
This practice can lead to costly account takeovers, data breaches and even stolen identities, Fido Alliance said.
The global cybersecurity market size is forecast to grow to $345.4 billion by 2026, a jump of more than 58.5 per cent from $217.9bn last year, Statista reported.
“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience,” said Kurt Knight, Apple’s senior director of platform product marketing.
Hundreds of global technology companies and service providers worked within the Fido Alliance and W3C to create the password-free sign-in standards that are already supported in many devices and web browsers.
Apple, Google, and Microsoft are now building support for these capabilities into their platforms.
“For Google, it represents nearly a decade of work we have done alongside Fido, as part of our continued innovation towards a passwordless future,” Mark Risher, Google’s senior director of product management, said.
“We look forward to making Fido-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it … so people around the world can safely move away from the risk and hassle of passwords,” Mr Risher said.
While Apple, Microsoft and Google already support Fido Alliance standards on billions of devices, the previous implementation required users to sign in to each website or app with each device before they could use the passwordless functionality.
The announcement on Thursday gives users two new capabilities.
First, users will be allowed to automatically access their Fido sign-in credentials on many of their devices, even new ones, without having to re-enroll every account.
Second, it will enable users to use Fido authentication on their mobile device to sign-in to an app or website on a nearby device, regardless of the operating system they are running.
These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the coming months.
“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives,” said Alex Simons, corporate vice president of identity programme management at Microsoft.
“Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today.”
Jen Easterly, director of the US cybersecurity and infrastructure security agency, said the standards developed by the Fido Alliance and W3C and being led in practice by these companies is the “type of forward-leaning thinking that will ultimately keep the American people safer online”.