Microsoft, Apple, and Google will support FIDO passwordless logins

0
348

[ad_1]

Today, Microsoft, Apple, and Google announced plans to support a common passwordless login standard (known as access keys) developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.

Once implemented, these new Web Authentication (WebAuthn) credentials (also known as FIDO credentials) will allow users of the three tech giants to log into their accounts without using a password.

Instead of using passwords, they will have the option to choose to verify their identity using PIN or biometric authentication (fingerprint or face).

“To log in to a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access,” said Sampath Srinivas, Director of Secure Authentication at Google PM.

“Even if you lose your phone, your passkeys will be securely synced to your new phone from the cloud backup, allowing you to pick up right where your old device left off.”

The new capabilities should be available on all major platforms, devices, websites and applications operated by Microsoft, Apple and Google platforms within the next year.

Sign in with FIDO passkey
FIDO Passkey Login (FIDO Alliance)

“These cross-device FIDO credentials, sometimes referred to as access keys, represent a monumental step toward a world without passwords,” said Alex Simons, vice president of Microsoft’s identity division.

When available, passkeys will remove the requirement to log in to every app or website on every device, adding additional capabilities for more seamless passwordless logins:

  1. Users can automatically access their access keys on many of their devices without having to re-enroll for each account.
  2. With access keys on your mobile device, you can sign in to an app or service on almost any device, regardless of the platform or browser the device is running.

Stopping using passwords to log into accounts will make the web more secure as they are the most common entry point used by attackers to hijack online identities.

As Vasu Jakkal, corporate vice president of Security, Compliance, Identity and Management at Microsoft, revealed today, “there are 921 password attacks every second, almost doubling the frequency in the last 12 months.”

Push login without password

Of the three companies, Microsoft has been pushing passwordless logins across many of its platforms and services for several years now.

In December 2020, Microsoft reported that more than 150 million users signed in to their Azure Active Directory and Microsoft accounts without using passwords.

The company began rolling out passwordless sign-in support for all Microsoft accounts in September, allowing its customers to sign in to their Microsoft accounts without using a password.

In October, the Microsoft Detection and Response Team (DART) said it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities.

A year earlier, Simons revealed that password spray attacks were among the most popular authentication attacks, behind more than a third of enterprise account compromises.

“I applaud our private sector partners’ commitment to open standards that add flexibility for service providers and a better user experience for customers,” said Jen Easterly, director of CISA.

“Today marks an important milestone in the security journey to advance integrated security best practices and help us move beyond passwords.”

[ad_2]