On May 5th, World Password Day, we became one step closer to easier and more secure password management.
The FIDO (Fast IDentity Online) Alliance, an open industry association whose mission is to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords”, announced it has received support from Apple, Microsoft and Google to move forward with passwordless sign-on.
Passwordless sign-on will not only make cross-platform and device sign-on significantly more convenient, it will also allow the capability for websites and applications to offer more secure and consistent sign-in experiences. Not to mention the headache of trying to remember all your passwords or losing them from time to time.
One of the biggest security hazards on the web is password-only authentication. Because it's tedious to have different passwords for every device, site and application, users often re-use the same password multiple times. This can lead to stolen identities, account takeovers, and significant data breaches. In an effort to prevent this, password managers and multi-factor authentication have been implemented as current best practice, however merely an incremental improvement to password-only authentication.
This is why industry-wide collaboration to create better sign-in technology for more secure and convenient is of the utmost importance in today's digital world.
In conjunction with the World Wide Web Consortium (W3C), FIDO, and many technology companies, Apple, Google, Microsoft have led the development of the expanded set of capabilities that are passwordless sign-in standards.
Currently the companies that support FIDO Alliance standards enabling passwordless sign-ons, for example “Sign-in with Google” when setting up a new account with an app, require users to sign in with each device before using passwordless functionality. The May 5th announcement allows the following new capabilities:
- Allow users to to use their FIDO sign-in credentials or “passkey” without having to re-enroll/setup every account.
- Enables users to use FIDO authentication on their mobile devices to sign in on a nearby device regardless of OS or browser.
These new capabilities are expected to be released over the course of this year.
“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, Senior Director of Product Management, Google.
Although actually getting rid of passwords entirely will be a complicated overhaul, having three of the biggest tech companies on-board is a huge step towards a passwordless and hopefully headache free future. For more info on these next steps visit the FIDO Allicance’s website here.