Three of the biggest tech companies recently announced a joint effort to expand Passwordless authentication across mobile, desktop, and web browsers. That means you won’t need to use a password to sign in to apps or websites on any platform. Here’s everything you need to know about the new common passwordless sign-in standard, and how you can start using it on select devices now.
What Is the FIDO Standard?
Apple, Google, and Microsoft have all committed to supporting a new way to sign in to your apps and websites without using a password. This passwordless standard was created by the FIDO Alliance and the World Wide Web Consortium in a bid to “help reduce the world’s over-reliance on passwords.”
How Does Passwordless Sign-In Work?
With the new passwordless standard, you can store a FIDO credential (also known as a passkey) on your smartphone and turn it into a “roaming authenticator.” That means you can sign in to a website on any device just by unlocking your smartphone.
According to the recent announcement, the FIDO standard will soon work across all Windows, Mac, iOS, and Android devices, as well as Chrome, Safari, and Edge browsers. So, that means you will soon be able to use your iPhone to sign in to a website on Chrome that’s running on a Windows 11 laptop.
You won’t need to upgrade your existing smartphone to use the FIDO standard. Once you see the login page, you will get a notification on your smartphone. Then all you need to do is unlock your smartphone the same way that you always do, whether that’s with your fingerprint, a face scan, or a PIN number.
Basically, the passwordless standard adds another layer of security, just like two-factor authentication (2FA), but instead of sending you a one-time password to verify your identity, it uses the biometric scanners on your smartphone.
This method should cut down on phishing attacks since biometric data can’t be shared or intercepted by scammers or hackers. And since having a one-time password is just like having your actual password, when you receive a 2FA code in a text message, it always says, “do not share this code with anyone.”
To prevent phishing scams entirely, the FIDO standard also uses Bluetooth to verify your proximity to a device. Since Bluetooth only works over a very short distance, hackers won’t be able to pretend like they are you unless they are also really close to your device.
Additionally, the FIDO standard also functions a bit like a password manager. You can store all your passwords and sync them across all your devices. So, when you visit a website on any device, your login information will automatically be filled in for you.
This allows you to create a strong, unique password when you first sign up for a website, and it also prevents scammers from using “spoofed” websites to steal your passwords. These types of sites are designed to look like they belong to legitimate companies, but they actually record what you type as you try to enter your password. If you no longer need to enter your password on any sites, you won’t be vulnerable to this type of scam again.
Read More: The best password managers for any device
It is important to note that your passwords will still be stored in the cloud, which means they could still be vulnerable. However, the FIDO Alliance claims that your biometric data is stored on your device locally, so hackers won’t be able to use it to steal your information.
In a recent white paper, the FIDO Alliance said that vendors could even use the current technology to make your credentials available on a brand-new device – right after you buy it. That means you would really never have to deal with any passwords ever again.
And, when you sell your smartphone or give it away, you don’t have to worry about deleting your old passwords. They will automatically be removed from your smartphone if you lose or replace it.
When Will the FIDO Standard Be Available?
Google says that it has been “setting the stage for a passwordless future for over a decade,” and now that future is closer than ever. Tech giant states that the new passwordless standard will be available across all devices, websites, and applications controlled by Apple, Google, and Microsoft in “the coming year.”
How to Use Passwordless Sign-In Now
You can already use FIDO credentials to log in to your Microsoft account with the Microsoft Authenticator app. In fact, Microsoft claims that nearly all of its employees use this method to sign in to their corporate accounts, and the tech giant reports that it blocks 99.9% of compromise attacks.
Once you have the Authenticator app, just log in with your Microsoft account. Then you will be able to import your passwords from your web browsers and other devices. The free app is available on the Google Play Store for Android devices and the Apple App Store for iPhones, iPads, and the Apple Watch.