Apple, Google, and Microsoft said Thursday morning that they will work together to establish support for passwordless sign-in across all of their mobile, desktop, and browser platforms in the coming year. This effectively means that passwordless authentication will be available in the not-too-distant future for all major device platforms, including Android and iOS mobile operating systems, Chrome, Edge, and Safari browsers, and Windows and macOS desktop environments.
According to a blog post published Thursday by Google, a passwordless login method will allow users to use their phones as the primary authentication device for apps, websites, and other digital services. Unlocking the phone with whatever action is set as the default (entering a PIN, drawing a pattern, or using fingerprint unlock) will then be sufficient to sign in to web services without ever entering a password. This is made possible by a unique cryptographic token called a passkey that is shared between the phone and the website.
The notion is that by making logins dependent on a physical device, users will benefit from both ease and security. Without a password, there is no need to remember login information across services or risk compromising security by reusing the same password in various places. Similarly, because signing in requires access to a physical device, a passwordless system makes it much more difficult for hackers to compromise login details remotely; and, theoretically, phishing attacks in which users are directed to a fake website for password capture will be much more difficult to mount.
The cross-platform feature is enabled via the FIDO standard, which uses public-key cryptography to provide passwordless login and multi-factor authentication in a variety of settings. When a user’s phone is unlocked, it can store a unique FIDO-compliant passkey and share it with a website for authentication. According to Google’s website, passkeys can also be synchronized to a new device from cloud backup if a phone is misplaced.
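The following added example (not code from Apple, Google, Microsoft, or the FIDO Alliance) is a simplified model of FIDO-style public-key sign-in, showing why a look-alike site cannot obtain a usable login: the website holds only a public key, and the signed response is bound to the origin the browser reports. The class names, origins, and message layout are assumptions for illustration and do not follow the real WebAuthn wire format.

```javascript
const crypto = require('node:crypto');

// Simplified model only: class names and message layout are illustrative assumptions.
class Authenticator {
  constructor() { this.keys = new Map(); } // origin -> private key, never exported
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half is handed to the website
  }
  // `origin` is supplied by the browser, not by the page content.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential scoped to this origin
    const clientData = Buffer.from(
      JSON.stringify({ origin, challenge: challenge.toString('base64url') }));
    return { clientData, signature: crypto.sign('sha256', clientData, key) };
  }
}

class RelyingParty {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = null; }
  newChallenge() { this.pending = crypto.randomBytes(32); return this.pending; }
  verify(assertion) {
    if (!assertion || !this.pending) return false;
    const expected = this.pending.toString('base64url');
    this.pending = null; // each challenge is single use, which blocks replay
    if (!crypto.verify('sha256', assertion.clientData, this.publicKey, assertion.signature)) return false;
    const data = JSON.parse(assertion.clientData.toString());
    return data.origin === this.origin && data.challenge === expected;
  }
}

// Constructed scenario: origins below are made-up sample values.
function demo() {
  const phone = new Authenticator();
  const site = new RelyingParty('https://bank.example');
  site.publicKey = phone.register(site.origin);
  const legit = site.verify(phone.sign('https://bank.example', site.newChallenge()));
  // A look-alike page forwards the real site's challenge; the browser reports its own origin.
  const lookalike = 'https://bank-login.example';
  const noCredential = phone.sign(lookalike, site.newChallenge()) === null;
  // Even with a credential for the look-alike origin, the key and signed origin do not match.
  phone.register(lookalike);
  const relayed = site.verify(phone.sign(lookalike, site.newChallenge()));
  return { legit, noCredential, relayed };
}

console.log(demo());
```
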
So far, Apple, Google, and Microsoft have all stated that the new sign-in capabilities will be accessible across platforms within the next year, though no precise timeline has been given. Although the effort to kill the password has been ongoing for years, there are indicators that it may have finally succeeded this time.