The FIDO Alliance and World Wide Web Consortium have engineered an impressive feat of cybersecurity diplomacy, announcing that Apple, Google, and Microsoft have all agreed to implement broader support for passwordless sign-in standards that will help end users to securely access accounts across the tech giants’ respective browser and OS ecosystems.
The aim, as is virtually always the case where FIDO is concerned, is to get users off of password-based security and onto more sophisticated authentication mechanisms. The extended authentication standards to which Apple, Google, and Microsoft have committed will allow end users to sign into apps and accounts using their own devices’ biometric capabilities or PIN codes.
While each of the tech giants had previously supported FIDO Alliance standards across a number of their own devices, the extended standards will enable an end user to log into an app or site on a nearby device using their mobile device, even if it’s running on a different operating system or browser. And users will be able to automatically access their FIDO authentication credentials across various devices, including new ones, without having to re-authenticate each individual account.
The tech giants’ commitment to ensuring these secure authentication capabilities speaks to the importance of the shared mission of moving beyond password-based security. Apple, in particular, is known for maintaining a tightly controlled, mostly closed product and services ecosystem, but the company’s Senior Director of Platform Product Marketing, Kurt Knight, explained that the collaboration ultimately serves the best interests of Apple’s customers.
“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” he said.
FIDO CMO and Executive Director Andrew Shikiar praised the tech giants for their collaboration in the service of FIDO’s mission. “Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” he said.
The effort also received praise from the US Cybersecurity and Infrastructure Security Agency, which has previously urged organizations to embrace FIDO-based authentication mechanisms in order to fend off cyberattacks.
“I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said CISA Director Jen Easterly, adding that the collaboration marked “an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords.”
FIDO, W3C, and their partners expect the authentication capabilities to be rolled out over the course of the coming year.