Is Passwordless Sign-In Coming Soon?

Passwords may soon become a thing of the past.

Tech giants Apple, Google, and Microsoft announced that they have committed to building support for passwordless sign-in across all of the mobile, desktop, and browser platforms that they control in the coming year, reported The Verge (May 5).

The functionality is being made possible by a standard called FIDO, which uses the principles of public key cryptography to enable passwordless authentication and multi-factor authentication in a range of contexts.

WHAT DOES THIS MEAN?

Essentially, this means that passwordless authentication will come to all major device platforms including Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers, as well as the Windows and MacOS desktop environments.

Currently, many popular applications already use included support for FIDO authentication, but initial sign-on has required the use of a password before FIDO can be configured. New procedures would do away with this initial password requirement.

Users would be allowed to automatically access their FIDO sign-in credentials (aka passkey) on many of their devices, without having to re-enroll on every account. They would also be enabled to use FIDO authentication on their mobile device to sign-in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience,” said Kurt Knight, Apple’s Senior Director of Platform Product Marketing, in the announcement.

HOW WOULD IT WORK?

Passwordless login will let users choose their phones as the main authentication device for apps, websites, and other digital services.

By unlocking the phone with a default action, such as entering a PIN, drawing a pattern, or using a fingerprint or face unlock, users will be able to sign in to web services without the need to enter a password.

“This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS,” read the announcement.

Since this method of signing in requires a physical device, it is thought to be much more difficult for hackers to compromise login details remotely.

Until passwordless login becomes a reality, learn more about why you should be using multi-factor authentication here.