The three tech titans will roll out passwordless FIDO sign-in standards across Android, Chrome, iOS, macOS, and Safari, as well as Windows and Edge, over the next year.
This means that users won’t need a password to log into devices, websites, or applications any time soon. Instead, users’ phones will keep a passkey, a FIDO credential that can be used to unlock users’ devices as well as their complete online account.
Users must sign in to each website or app with each device before they may enjoy passwordless features in prior versions. Users will be able to automatically access their passkey on many of their devices, including new ones, as a result of this extended commitment, without having to re-enroll each account. People will also be able to sign into an app or website on a nearby device using FIDO authentication on their mobile device, regardless of the OS platform or browser they’re using.
According to Sampath Srinivas, Google PM Director for Secure Authentication and president of the FIDO Alliance, these API requests have direct analogs in the field of password managers.
“Create a new random password” is a direct counterpart for one API request (it can also create a random username since the user does not need to care about that). Another API call corresponds to “Now enter the login and password into the website.” A password from a nearby phone can also be played into the user’s computer using this new type of “password manager.”
“And finally, just as a developer must build code to validate passwords, there is a standard mechanism to verify the crypto message that arrives from the user’s browser or app,” Srinivas said.
Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency, praised the new collective commitment, calling it “the type of forward-thinking that will ultimately keep the American people safer online.”
“I commend our private sector partners’ dedication to open standards that increase flexibility for service providers and improve the consumer experience,” said. “Today marks a significant step forward in the security journey to encourage built-in security best practices and help us move beyond passwords; cyber is a team sport, and we’re excited to continue our collaboration.”