Highlights –
- Users can now sign in to devices and online services without any password, simply by verifying their fingerprint, face, or device PIN.
- This new approach protects users against phishing, and sign-in can be done more securely.
Tech giants, including Apple, Google, and Microsoft, revealed plans to expand support for the common passwordless sign-in standard built by the FIDO (Fast Identity Online) Alliance and the World Wide Web Consortium. This move will push platforms away from the traditional passwords.
According to Apple, Google and Microsoft, such an initiative will allow websites and apps to “offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.”
Established in 2012, FIDO Alliance is an industry group that addresses the issues around passwords and phishing. By supporting the FIDO standard, vendors will allow billions of consumers to log in to devices and online services without needing any passwords and, instead, use their fingerprint, face or device PIN.
The new capabilities will provide more security than passwords and “legacy multi-factor technologies such as one-time passcodes sent over SMS.”
Such an initiative will be a boon for enterprises, as it will ensure employees are less exposed to the phishing attempts and credential theft attacks that have affected organizations for years, while improving and securing the sign-in experience for the user.
Modern passwordless approaches
Apple, Microsoft, and Google have been experimenting with passwordless login options over the past few years, which is proof of their commitment to passwordless authentication.
For example, in 2020, Microsoft estimated that over 150 million individuals were using passwordless logins each month, including Windows Hello’s fingerprint and face recognition, to access Azure AD and the Microsoft Authenticator App for password-free login.
Similarly, in 2021 Apple introduced passkeys in the iCloud Keychain. This would enable users to log in to any service by confirming their username and verifying themselves via Face ID or Touch ID.
Password-based protection seems to be dying slowly, with Google introducing passwordless login options for users by 2023.
This gradual shift from password-based security is not surprising, given that there has been a sharp increase in credential theft.
With the number of yearly credential spill events nearly doubling between 2016 and 2020, it’s no surprise that 92% of enterprises feel passwordless authentication is the future.
A brief look at the passwordless authentication market
As more enterprises become disgruntled with password security flaws, there is a growing demand for secure sign-in solutions. This is propelling the global passwordless authentication market, which researchers expect to grow from USD 12.79 billion in 2021 to USD 53.64 billion by 2030.
Apple, Microsoft, and Google are not the only ones to have experimented with a passwordless system to do away with the prospect of credential theft. Another provider is Okta, which recently announced total revenue of USD 1.78 billion. The company offers a solution, Okta FastPass, which allows users to register their devices to Universal Directory with Okta Verify, where they can sign in to cloud or on-premise apps and VPNs without using any password.
HYPR, a company that has raised USD 70 million in total funding, has also adopted passwordless sign-ins. It offers a multi-factor authentication (MFA) solution that allows users to turn their smartphones into a FIDO token and log in to the HYPR Desktop MFA client with third-party passwordless authentication, including Windows Hello, Touch ID, and YubiKey.