In a joint effort, tech giants Apple, Google and Microsoft announced last weekend that they have committed to building support for passwordless login across all mobile, desktop and browser platforms they control in the coming year.
This announcement coincided with World Password Day on May 5th.
The commitment covers authenticating to and accessing accounts across Android and iOS mobile devices; Chrome, Edge, and Safari browsers; and Windows and macOS desktop environments.
“Just as we design our products to be intuitive and have access, we also design them to be private and secure,” said Kurt Knight, Apple’s senior director of platform product marketing.
“Working with the industry to create new, more secure login methods that provide better protection and eliminate password vulnerabilities is fundamental to our commitment to building products that provide maximum security and a transparent user experience – all with the goal of keeping personal information safe for users.”
The passwordless login process will allow users to choose their phone as the primary authentication device for apps, websites and other digital services, Google explained in a blog post published Thursday.
Unlocking the phone with whatever method is set as default – entering a PIN, drawing a pattern or using fingerprint unlock – will be sufficient to log into web services without having to enter a password at all. This is made possible by a unique token, called a passkey, that is shared between the phone and the website.
By making logins conditional on a physical device, the idea is that users will benefit from simplicity and security at the same time.
Without a password, there is no obligation to remember your login details across services or to jeopardize your security by reusing the same password in multiple places. Likewise, a passwordless system would make it difficult for hackers to remotely compromise login details, because login requires access to a physical device; in theory, phishing attacks in which users are directed to a fake website to capture passwords would be much more difficult.
Cross-platform functionality is made possible by a standard called FIDO, which uses public key cryptography principles to enable passwordless authentication and multifactor authentication in a range of contexts.
The user’s phone can store a unique FIDO-compliant passkey and will share it with a website for authentication only when the phone is unlocked. According to Google’s post, passkeys can also be easily synced to a new device from a cloud backup in case the phone is lost.
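The sketch below is an added example, not code from Google, the FIDO Alliance or the original article. It models a FIDO-style login in simplified form (not the actual WebAuthn message format): the phone keeps a private key, the website stores only the matching public key, and each login signs a fresh challenge bound to the site's origin, so a look-alike site obtains nothing it can reuse. The function names and the `bank.example` origins are constructed for illustration.

```javascript
// Added illustration: simplified FIDO-style login, not the WebAuthn wire format.
const crypto = require('crypto');

// Registration: the phone creates a key pair for one site; the site keeps only the public key.
function registerPasskey(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return { device: { origin, privateKey }, serverRecord: { origin, publicKey } };
}

// Phone side: sign the server's challenge together with the origin the browser reports.
function signAssertion(device, challenge, browserOrigin) {
  if (browserOrigin !== device.origin) return null; // no passkey is registered for this site
  const clientData = Buffer.from(JSON.stringify({ challenge: challenge.toString('hex'), origin: browserOrigin }));
  return { clientData, signature: crypto.sign('sha256', clientData, device.privateKey) };
}

// Server side: the signature, the challenge and the origin must all match.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  if (!assertion) return false;
  if (!crypto.verify('sha256', assertion.clientData, serverRecord.publicKey, assertion.signature)) return false;
  const data = JSON.parse(assertion.clientData.toString());
  return data.origin === serverRecord.origin && data.challenge === expectedChallenge.toString('hex');
}

// Constructed scenario: one genuine login and three ways a captured login fails.
function demo() {
  const { device, serverRecord } = registerPasskey('https://bank.example');
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(device, challenge, 'https://bank.example');
  // The look-alike origin has no passkey on the phone, so nothing is signed.
  const phished = signAssertion(device, challenge, 'https://bank-login.example');
  // Hypothetical faulty client that signs anyway: the server's origin check still rejects it.
  const forced = signAssertion({ ...device, origin: 'https://bank-login.example' },
                               challenge, 'https://bank-login.example');
  return {
    genuine: verifyAssertion(serverRecord, challenge, genuine),
    phished: verifyAssertion(serverRecord, challenge, phished),
    forced: verifyAssertion(serverRecord, challenge, forced),
    // A valid assertion presented against a new challenge is useless (no replay).
    replayed: verifyAssertion(serverRecord, crypto.randomBytes(32), genuine),
  };
}
```

Unlike a password, nothing the website stores or the network carries in this flow lets a third party log in later.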
Although many popular applications already included support for FIDO authentication, the initial login required the use of a password before FIDO could be configured – meaning that users were still vulnerable to phishing attacks that saw passwords being intercepted or stolen along the way.
But the new measures will eliminate the initial password requirements, Sampath Srinivas, director of product management for secure authentication at Google and head of the FIDO Alliance, told The Verge in comments seen by Al Arabiya.net.
So far, Apple, Google and Microsoft have said they expect the new login capabilities to become available across platforms next year, although no more specific roadmap has been announced.