Passwords are a hassle, and unfortunately, they’re often a security risk. Even when a password is nice and complicated (they usually aren’t), it may be compromised through brute-force attacks, leaks, or malware. That’s why Apple, Google, and Microsoft are now collaborating on our passwordless future through the FIDO standard.
Maybe you’ve heard of FIDO—it’s a popular standard that turns local devices, such as your phone or a USB key, into tools for sign-in or multi-factor authentication. If you secure your PC with FIDO, for example, it may only unlock when you scan a fingerprint or enter a PIN on your phone.
A hacker who lives halfway across the planet can steal your passwords with a phishing email. But chances are, they’ll never hold your phone in their hands. Because FIDO works locally, it’s much more secure than regular old passwords. It also eliminates the need to memorize, write, or store passwords, which is just icing on the cake.
But the way we handle FIDO is a bit awkward. For one, the standard isn’t broadly supported at a software level, and the product that do support FIDO often treat it like an afterthought. It’s also difficult to share FIDO credentials between devices—basically, FIDO isn’t ready for the mainstream.
Apple, Microsoft, and Google now say that they’ll accelerate FIDO adoption by properly integrating the standard with all of their products. Not only will FIDO become easier to use, but websites and apps will have the option to offer FIDO as their only sign-on option without a password-based setup process.
Here are the two main goals of this scheme, as communicated by the FIDO Alliance:
- Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account.
- Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
These two changes to FIDO should make it much more appealing to the average person. Syncing FIDO credentials between devices is especially helpful, as it ensures that you can always verify your identity, even if you lose a device.
The brains at Microsoft, Apple, and Google hope to finalize these changes sometime in 2023. Our passwordless future may be right around the corner. Of course, there’s no telling how people will respond to FIDO; if the standard doesn’t prove popular enough, we may be stuck with passwords for a while.
Source: FIDO Alliance, Apple, Google