Apple, Google, Microsoft announce commitment to 'passwordless' future
Security body FIDO has received new backing from Apple, Google, and Microsoft, with the tech companies all announcing that they are expanding support for the alliance's passwordless sign-in standard.
Revealed at WWDC 2021, Apple's Passkey plans appear to fit with the aims of the FIDO alliance's new announcement
Following its joining of the FIDO -- Fast Identity Online -- alliance in 2020, Apple has now announced its extended support for the group's technology and goals. In a joint statement from FIDO, Apple, Google, and Microsoft, seen by AppleInsider, the alliance aims to allow websites and apps to offer secure and simple sign-ins without using passwords.
"Just as we design our products to be intuitive and capable," said Apple senior director of platform product marketing, Kurt Knight, in the statement, "we also design them to be private and secure."
"Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience," continued Knight, "all with the goal of keeping users' personal information safe."
FIDO maintains that password authentication is one of the biggest security problems, from how reused passwords mean a breach in one service, can expose others. It also argues that managing passwords is cumbersome for consumers, and that its standard would allow for a secure passwordless option.
"Users will sign in through the same action that they take multiple times each day to unlock their devices," says the alliance, "such as a simple verification of their fingerprint or face, or a device PIN."
It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however. Most iPhone device PINs are four or six numbers, and currently it takes an extra step to make it longer or alphanumeric.
The approach does, though, tie in with Apple's own proposed passkey feature, previously announced at WWDC 2021. This is intended to mimic hardware security keys, but use iCloud Keychain instead of physical devices.
The Developer session from WWDC 2021, "Move beyond passwords," is available to view. So far, though, Apple has introduced initial support for its passkey technology in iOS 15.4.
There is no expected release date for the new features on any platform. The group's statement says that Apple, Google, and Microsoft will implement the features "over the course of the coming year."
The most likely roll-out for new features for Apple is at WWDC 2022, with a release in the fall, alongside the new iPhones.
Read on AppleInsider
Revealed at WWDC 2021, Apple's Passkey plans appear to fit with the aims of the FIDO alliance's new announcement
Following its joining of the FIDO -- Fast Identity Online -- alliance in 2020, Apple has now announced its extended support for the group's technology and goals. In a joint statement from FIDO, Apple, Google, and Microsoft, seen by AppleInsider, the alliance aims to allow websites and apps to offer secure and simple sign-ins without using passwords.
"Just as we design our products to be intuitive and capable," said Apple senior director of platform product marketing, Kurt Knight, in the statement, "we also design them to be private and secure."
"Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience," continued Knight, "all with the goal of keeping users' personal information safe."
FIDO maintains that password authentication is one of the biggest security problems, from how reused passwords mean a breach in one service, can expose others. It also argues that managing passwords is cumbersome for consumers, and that its standard would allow for a secure passwordless option.
"Users will sign in through the same action that they take multiple times each day to unlock their devices," says the alliance, "such as a simple verification of their fingerprint or face, or a device PIN."
It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however. Most iPhone device PINs are four or six numbers, and currently it takes an extra step to make it longer or alphanumeric.
The approach does, though, tie in with Apple's own proposed passkey feature, previously announced at WWDC 2021. This is intended to mimic hardware security keys, but use iCloud Keychain instead of physical devices.
The Developer session from WWDC 2021, "Move beyond passwords," is available to view. So far, though, Apple has introduced initial support for its passkey technology in iOS 15.4.
There is no expected release date for the new features on any platform. The group's statement says that Apple, Google, and Microsoft will implement the features "over the course of the coming year."
The most likely roll-out for new features for Apple is at WWDC 2022, with a release in the fall, alongside the new iPhones.
Read on AppleInsider
Comments
I do not have notifications on messages so Google kept sending me messages in my phone (without telling me) and my account is frozen for 48 hours.
I hope this takes hold and changes the whole landscape.
Really this is a very good thing.
To eliminate. passwords, they must invade your privacy in order to authenticate. Already, the two-factor authentication, while more secure, is a way to track your logins to you using your phone number - or email address, which is also increasingly being verified by your phone number.