As we mark World Password Day, three of the major technology players are announcing a significant step on the road to a passwordless future.
Over the next year Google plans to implement passwordless support in Android and Chrome. Apple and Microsoft have also announced that they will offer support in iOS, MacOS, Safari, Windows and Edge.
This will simplify sign-ins across devices, websites, and applications — no matter the platform — without the need for a single password.
“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” says Mark Risher, senior director of product mnagement at Google. “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”
How will this work? If you’re using a smartphone it will store a FIDO credential called a passkey which is used to unlock your online account. The passkey makes signing in far more secure, as it’s based on public key cryptography and is only shown to your online account when you unlock your phone.
To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access. Once you’ve done this, you won’t need your phone again and you will be able to sign in by just unlocking your computer. Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up where your old device left off.
“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” says Andrew Shikiar, executive director and CMO of the FIDO Alliance. “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”
You can read more about Google’s journey towards a passwordless future on the company’s blog.