The three big tech firms that essentially control the operating system space have issued a joint statement in renewed support of FIDO, the “Fast ID Online” passwordless authentication protocol.
Google, Microsoft and Apple announced their intent to create centralized FIDO systems that allow users to log into sites and services without having to individually re-enroll in each. The primary use of FIDO is to essentially turn a mobile phone into a hardware key that can unlock all of a user’s logins, and even unlock other devices that are physically at hand.
Struggling with widespread acceptance, FIDO passwordless authentication may receive major boost
Passwordless authentication schemes like FIDO have been available for years but have received a mostly lukewarm reception, owing to a variety of shortcomings (and in spite of clear problems with continuing to use usernames and passwords as the primary global means of authentication). With tech’s biggest names formally embracing it, the system would appear to be receiving a major shot in the arm.
Questions do remain as to how enthusiastically end users will embrace passwordless authentication, however. One historical sticking point with the phone-based model is that there have been unacceptable failure rates; logins simply don’t work when they are supposed to, leaving the end user confused and with little recourse to get into their accounts. Another issue has been providing a secure failsafe system that allows for account recovery when the end user loses their phone or it breaks unexpectedly. And while FIDO addresses the login-based issues that lead to data breaches, it does nothing to encrypt sensitive data and does not make systems any more secure when an intruder manages to get past it.
With companies still struggling to convince end users to do basic multi-factor authentication, FIDO passwordless authentication is unlikely to become the norm or a required standard anytime soon. But the fact that major tech firms are embracing it in this way appears to indicate that it will at least become a common option in the near future.
Apple, Google, Microsoft step up passwordless authentication support, eye centralized login systems
Arguing that the average internet user is now juggling far too many passwords, and that multifactor authentication is not quite getting the job done, the coalition of big tech firms announced expanded support for FIDO’s device PIN-based passwordless authentication system. What the tech companies describe would appear to be similar to the existing systems they run, which allow users to log into multiple websites and services with the credentials for their Gmail or Microsoft accounts.
Passwordless authentication using a phone as a centerpiece can be handled in several different ways, but the most common is to have a prompt sent to the phone when a login on another device is attempted. The user simply approves the login from their phone. Details of the new systems are still shaping up, but the tech firms announced that they intend to roll out improved FIDO support over the remainder of 2022.