Relying on passwords to sign-in to websites or applications can present high security risks. For this reason, the FIDO Alliance and W3C joined forces so as to create passwordless sign-in standards, more secure than the single password use. Two-factor authentification did help at first, as users were given an end-to-end passwordless solution. This enabled them to connect on websites or applications thanks to technologies based on biometric authentification – fingerprint or face verification – or the use of a device PIN.
Nevertheless, the password use was still necessary to access the second part of the authentification. Hence, the FIDO Alliance and W3C expanded their standards so as to offer users “two new capabilities for more seamless and secure passwordless sign-ins:
- Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account.
- Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.”
As implied, these new functionalities offer users a better and more secure alternative to using passwords. As Andrew Shikiar – executive director & CMO of the FIDO Alliance – declared, “we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products”.
This cross-functional standard upgrade will be available on involved platforms and products in the upcoming months.