In an effort to get rid of passwords, Google, Microsoft and Apple are expanding support for a common passwordless login standard created by the FIDO Alliance (Fast Identity Online – which promotes the development of device authentication and attestation standards) and the World Wide Web Consortium.
The companies said last Thursday that the new feature will allow websites and apps that have the feature to offer users consistent, secure and easy passwordless logins across all devices and platforms.
The new approach, which involves storing an ID or password on a smart phone, “will be radically more secure compared to passwords and legacy multi-factor technologies such as one-time passcodes sent via text message,” the FIDO Alliance said in a statement.
Google, Microsoft, and Apple platforms already support FIDO Alliance standards to enable passwordless login on smartphones, laptops, and tablets. Users must, however, log in to each website or app with each device before they can use the passwordless feature. The new enhanced capabilities will give websites and apps the ability to offer an end-to-end passwordless option, the FIDO Alliance says.
Users will log in as they do now, by fingerprint, facial recognition, or device unlock code. This feature will allow users to automatically access their FIDO login credentials on most of their devices, even new ones, without having to re-enroll each account. It will also allow users to use FIDO authentication on their mobile device to log into an app or website on a nearby device, regardless of the operating system or browser they are using.
“These multi-device FIDO credentials […] represent an important step towards a world without passwords,” said Alex Simons, vice president of product management for Microsoft’s Network Identity and Access Division, in a blog post.
“Windows users can already use Windows Hello to sign in to any site that supports passkeys,” he added. “In the near future, you will be able to sign in to your Microsoft account with an Apple or Google device password. »
Google said it plans to implement passwordless support for FIDO login standards in its Android operating system and Chrome browser.
Google explains that to log into a website on a computer, a user will need their smart phone. The website or app will send verification to the phone and ask the user to unlock the phone with a biometric method or an unlock code. Even if the user loses their phone, the passkeys will be securely synced to a new phone from cloud backup.
The original article (in English) is available on the website ofIT World Canadaa sister publication of Informatic direction.
World Password Day: How to get rid of them
Passwords: 1Password secures $620M in funding
Credential stuffing attack scares off LastPass users
French translation and adaptation by Renaud Larue-Langlois
Tags: apple, google, microsoft, password