Password-free logins are about to change the way users log into their favorite websites, services, and applications, as the FIDO Alliance has joined hands with Apple, Google, and Microsoft to take the technology mainstream. The Alliance is a group of technology companies that have explored the different possibilities for user identification over the past decade. It was founded in part by PayPal and Lenovo, two key players in the technology industry. PayPal is the go-to payments service for many, and Lenovo is a premier productivity giant known best for its ThinkPad line of laptops. Both have a clear interest in developing online security and a significant presence in the market.
Modern software companies have provided password managers for years, either at the operating system level or as a third-party application. Password managers secure a ton of passwords behind a single master password, which is easier to remember than a password for each website, service, or application. Cybersecurity experts recommend using a different password for each account, making the task even tougher. It pays off in the long run — in the event a password is compromised, users can ensure their other logins are secure — but the prospect of remembering dozens or even hundreds of passwords is daunting. Features like Apple’s iCloud Keychain and Google Password Manager are helpful, but the FIDO Alliance has a more ambitious plan for changing the way users log in to online services.
Related: The New ‘Declaration For The Future Of The Internet’ Explained
The FIDO Alliance announced that industry giants Apple, Google, and Microsoft would support its password-less authentication service in a press release. Each of the companies had varying levels of involvement in the Alliance’s mission in the past, but are now expanding their presence. Google was the first of the three companies to join the alliance back in 2013, and its Android mobile operating system earned FIDO2 certification — the blanket term for the organization’s password-less authentication protocols — in 2019. Microsoft joined the consortium and in 2015 brought FIDO certifications to Windows 10, while Apple followed later in 2020. All three companies now serve as board members of the FIDO Alliance and will bring the protocols to their respective platforms in 2022.
Here’s How FIDO Authentication Works
The FIDO Alliance intends to create a version of login authentication that sheds the vulnerabilities of password-only solutions. Using only a password is unsafe and inconvenient because it is easily exploited and requires authentication for a website, service, or application on each device. The Alliance views what it considers ‘legacy’ two-factor authentication and password managers to be better alternatives, but the group sees the FIDO2 certification to be more convenient and secure. There’s little reason to believe this is a marketing ploy — the protocols designed and promoted by the FIDO Alliance and World Wide Web Consortium are completely open-source, and free to use by just about any developer.
Apple, Google, and Microsoft have committed to bringing FIDO2 protocols to their platforms, which will mean end-to-end password-less logins will come to billions of devices. The feature allows a user to log in to a website, service, or application with a simple biometric or device password authentication. It’s different from a password manager which automatically fills in the specific username and password after the user is authenticated. With FIDO2 certification, users can log in to websites without a password at all. Instead, a universal FIDO credential would serve as a password for many websites and services, and a single FIDO-enabled device like a smartphone could authenticate other devices nearby. It will likely be an adjustment for users who are used to a password-based login experience, but a single authentication key could be the solution to easy online security.