Apple, Google, and Microsoft have teamed up to make the web a safer place for all users. According to a blog post by FIDO, the tech giants intend to implement this by expanding support for "a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium."
Once in full effect. navigating through websites and applications will be easier and more secure for the users regardless of the fact that they will no longer require passwords to access these facilities. It will be available for use across multiple platforms and devices.
A classic example that conforms to this arrangement is Yubikey, a piece of hardware specifically designed to make secure login easy and available for everyone with just a tap. Yubikey helps users verify their identities before they can gain access to their online accounts across different devices and platforms, rather than sending 2FA texts to your device when signing in using the conventional way that we are used to.
Apple highlighted that password-only authentication was one of the biggest security problems facing web users, so much so that they find themselves reusing the same password on multiple sites. Managing multiple passwords simultaneously can be quite nerve-wracking. As a result, this makes their accounts susceptible to intrusion by hackers, although the 2FA has relatively reduced the risk.
How is the passwordless sign-in supposed to work? Well, through the expanded standards-based capabilities, websites and applications will now be able to provide an end-to-end passwordless option.
According to the blog post by FIDO:
Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.
Microsoft, Google, and Apple are part of the technology companies that have led to the development of the expanded set of capabilities. They were already on board with FIDO Alliance, which in return supported passwordless sign-in. The big difference is that with the previous arrangement users would need to sign in to each website and application on all their devices before they could access the passwordless feature.
Microsoft has been working on a way to phase out passwords to enhance security. And has been leaning more on Windows Hello, security keys, and pins to give that extra edge when it comes to security.
However, based on this new information, users should soon be able to access their FIDO sign-in credentials automatically on multiple devices, this is regardless of whether it is a new device or not, and also not compel them to sign in to their accounts each time. Aside from that, users can use FIDO authentification on their phones to access a website or application on any nearby device.
With that said, the companies have spearheaded this new set of capabilities and are currently creating support specifically tailored to conform to the standards of their respective platforms. Essentially, a passwordless system is more secure in the sense that users will not be able to use login credentials remotely. An actual device is required in this instance. Passwordless sign-in should reach general availability in 2023.