Apple, Google and Microsoft have jointly announced their intention to bring passwordless authentication to the most popular desktop, mobile and browser platforms over the next year. In other words, it’s supported on Android and iOS, Windows and macOS, as well as Chrome, Edge, and Safari.
As stated in Google, the mobile phone will become the main means of authentication: with its help it will be possible to log into your accounts in applications, on websites and other digital services. It is enough to unlock the phone in a convenient way: by entering a PIN code, drawing a graphic key or using biometric data – everything else is done by a unique cryptographic token or access key used by both the phone and the service , which you log into.
The authors of the initiative say that logging in with a physical device not only simplifies the user’s task, but also provides additional protection for their data. No need to remember passwords for different services or use one everywhere, compromising your security. The need for a physical device will also make it harder for hackers to perform remote hacks or phishing attacks.
As pointed out by Vasu Jakkal, Microsoft Vice President of Security, Compliance and Privacy, the key benefit of the new initiative is cross-platform: “For example, users can use a passkey to sign in to the Google Chrome browser running on Windows on an Apple device.”. This is made possible by the FIDO standard, which offers passwordless authentication with public cryptographic keys. The unique passkey is stored on the phone and sent to the website when unlocked. In case the phone is lost, the backup copy of the key will be duplicated in the cloud storage.
In conclusion, it should be noted that many services have previously offered authentication according to the FIDO standard, but the first login was still done with a password, which still leaves user resources vulnerable to phishing. However, the new initiative includes a complete denial of passwords from the very first login, promised Sampath Srinivas (Sampath Srinivas), Director of Products for Secure Authentication at Google and President of the FIDO Alliance.