Apple, Google, and Microsoft Expand Support For Passwordless Sign-In Standard

May 6, 2022
Apple, Google, and Microsoft announced plans on May 5 to expand support for a common passwordless sign-in standard created by FIDO Alliance and the World Wide Web Consortium—the new capabilities will be available the next year

According to a May 5 press release, Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the Mountain View, Calif.-headquartered FIDO [Fast Identity Online] Alliance and the Cambridge, Mass.-headquartered World Wide Web Consortium. “The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms,” the release states.

The release says that “Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.  “

That said, “The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS.”

In August 2021, we reported at HIMSS21 on the keynote entitled, “Healthcare Cybersecurity Resilience in the Face of Adversity.” The keynote featured Keren Elazari, cybersecurity analyst, author, and researcher. During the discussion with her fellow panelists, Elazari touched on passwords. She said that “It is time to get rid of passwords; it is time to call them ‘pastwords.’ They create so much friction, how much time does your organization spend on passwords? It is so outdated in the face of what we need in ID and authentication. There are alternatives out there. People work from home, so the endpoint is the new perimeter, and a lot of those controls are not effective. So, perhaps ID and authentication of people are the new perimeter we need to focus on. I really hope we are going see a future that is ‘passwordless.’”

According to the release, billions of devices and modern web browsers are already support passwordless sign-in standards. The announcement gives users two new capabilities including:

  • Allowing users to automatically access their FIDO sign-in credentials—passkey—on devices without having to re-enroll in each account
  • Enabling users to use FIDO authentication on their mobile device to sign in to an app or website on nearby devices, regardless of the operating system or browser

“In addition to facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method,” the release adds.

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, was quoted in the release saying that “The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers. At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”

The two new capabilities are expected to become available on Apple, Google, and Microsoft platforms over the next year.

Sponsored Recommendations

AI-Driven Healthcare: Empowering Nurses, Clinicians, and Care Teams for Smarter, More Efficient Care

Explore how AI-first ThinkAndor® is transforming nursing workflows and patient care at Sentara, improving outcomes, reducing readmissions, and enhancing care transitions in this...

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...