Apple, Google and Microsoft team up on passwordless logins

A animation of a combination lock rotating through passwords to imitate password login.

Image Credits: Getty Images

In a rare show of alliance, Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers.

Passwords are notoriously insecure, with weak and easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. While password managers and multi-factor technologies offer incremental improvements, Apple, Google and Microsoft are working together to create sign-in technology that is more convenient and more secure.

The tech giants announced on Thursday that they are expanding support for a password-free sign-in standard from the FIDO Alliance and the World Wide Web Consortium, which means you’ll soon be able to use your smartphone to sign in to an app or website on a nearby device, regardless of the operating system or browser you’re using. You’ll use the same action that you take multiple times each day to unlock your smartphone, such as with a verification of your fingerprint, face scan or a device PIN.

Users will also be able to automatically access their FiDO sign-in credentials, or “passkeys,” across multiple devices — including new ones — without having to re-enroll every account.

While the three companies have long supported the passwordless sign-in standard created by the FIDO Alliance, users are still forced to sign into each website or app with each device before they can use the passwordless feature. Over the next year, the three tech giants will implement passwordless FIDO sign-in standards across macOS and Safari; Android and Chrome; and Windows and Edge. This means that, for example, users will be able to sign in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device.

This will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device.

“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe,” said Kurt Knight, Apple’s senior director of platform product marketing, in a press release.

This new collective commitment was commended by Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), who called it “the type of forward-leaning thinking that will ultimately keep the American people safer online.”

“At CISA, we are working to raise the cybersecurity baseline for all Americans,”

Easterly added. “Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”While the password has so far survived many attempts to kill them for good, this could be one of the final nails in the password’s casket