A handful of tech companies have been trying to kill the password for years… but this could be the year when it actually starts to happen. Apple, Google, and Microsoft have announced that they’re expanding support for passwordless sign-ins using a standard created by the FIDO Alliance and the W3C.
In a nutshell, instead of as password you’ll be able to use a multi-device FIDO credential or “passkey” to login to apps, sites and services. And instead of typing it in, you’ll just be able to pull out your phone and scan your face or fingerprint or enter a PIN.
While Apple, Google, and Microsoft already support FIDO Alliance standards to some degree, in the past you’ve had to sign into each website or app on a new device before you could go passwordless. But over the coming year, you won’t need to re-enroll every time you use a new device. Login once on one device, and you should be able to go passwordless on all of your devices.
Also new is support for using Bluetooth so that you can authenticate a login on a nearby device using your phone. For example, when trying to login to a website on your PC, the computer can check to make sure your phone is physically nearby before sending you a login prompt.
The companies involved all claim that this sort of passwordless login will be both more convenient and more secure than managing hundreds of unique passwords (and then changing some or all of them in the event of a data breach). And it’s certainly more secure than using the same password on multiple sites.
As Google explains, when the new feature arrives for Android and Chrome later this year, you’ll be able to login to apps and websites using your phone, and each passkey is “based on public key cryptography and is only shown to your online account when you unlock your phone.”
Of course, one problem with tying your ability to login to services ranging from email to online banking to a physical device like a phone is that if your mobile device is lost or damaged you could find yourself locked out of your accounts. But Google says that should only be a temporary problem, since you’ll be able to back up your passkeys to the cloud and restore them to a new device.