Skip to main content

Apple, Google, and Microsoft will soon implement passwordless sign-in on all major platforms

Apple, Google, and Microsoft will soon implement passwordless sign-in on all major platforms

/

The tech giants want to roll out FIDO passkey technology in the coming year

Share this story

Illustration by Alex Castro / The Verge

On May 5th — World Password Day — we might have come one step closer to passwords being a thing of the past.

In a joint effort, tech giants Apple, Google, and Microsoft announced Thursday morning that they have committed to building support for passwordless sign-in across all of the mobile, desktop, and browser platforms that they control in the coming year. Effectively, this means that passwordless authentication will come to all major device platforms in the not too distant future: Android and iOS mobile operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop environments.

“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, senior director of platform product marketing at Apple. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.” 

A representation of passwordless sign-in
A representation of passwordless sign-in
image: FIDO Alliance

A passwordless login process will let users choose their phones as the main authentication device for apps, websites, and other digital services, as Google detailed in a blog post published Thursday. Unlocking the phone with whatever is set as the default action — entering a PIN, drawing a pattern, or using fingerprint unlock — will then be enough to sign in to web services without the need to ever enter a password, made possible through the use of a unique cryptographic token called a passkey that is shared between the phone and the website.

By making logins contingent on a physical device, the idea is that users will simultaneously benefit from simplicity and security. Without a password, there will be no obligation to remember login details across services or compromise security by reusing the same password in multiple places. Equally, a passwordless system will make it much more difficult for hackers to compromise login details remotely since signing in requires access to a physical device; and, theoretically, phishing attacks where users are directed to a fake website for password capture will be much harder to mount.

Vasu Jakkal, Microsoft’s vice president for security, compliance, identity, and privacy, emphasized the degree of compatibility across platforms. “With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running,” Jakkal said in an emailed statement. “For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows—using a passkey on an Apple device.”

Users will simultaneously benefit from simplicity and security

The cross-platform functionality is being made possible by a standard called FIDO, which uses the principles of public key cryptography to enable passwordless authentication and multi-factor authentication in a range of contexts. A user’s phone can store a unique FIDO-compliant passkey and will share it with a website for authentication only when the phone is unlocked. Per Google’s post, passkeys can also be easily synced to a new device from cloud backup in the event that a phone is lost.

Though many popular applications already included support for FIDO authentication, initial sign-on has required the use of a password before FIDO can be configured — meaning that users were still vulnerable to phishing attacks that see passwords intercepted or stolen along the way.

But the new procedures will do away with the initial requirement for a password, as Sampath Srinivas, product management director for secure authentication at Google and president of the FIDO Alliance, said in an email statement sent to The Verge.

“This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security,” said Srinivas. “This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we’ll finally have the internet platform for a truly passwordless future.”

So far, Apple, Google, and Microsoft have all said that they expect the new sign-in capabilities to become available across platforms in the next year, although a more specific roadmap has not been announced. Although the plot to kill the password has been underway for years, there are signs that, this time, it may have finally succeeded.

Today’s Storystream

Feed refreshed Sep 25 Not just you

E
Twitter
Emma RothSep 25
Rihanna’s headlining the Super Bowl Halftime Show.

Apple Music’s set to sponsor the Halftime Show next February, and it’s starting out strong with a performance from Rihanna. I honestly can’t remember which company sponsored the Halftime Show before Pepsi, so it’ll be nice to see how Apple handles the show for Super Bowl LVII.


E
Twitter
Emma RothSep 25
Starlink is growing.

The Elon Musk-owned satellite internet service, which covers all seven continents including Antarctica, has now made over 1 million user terminals. Musk has big plans for the service, which he hopes to expand to cruise ships, planes, and even school buses.

Musk recently said he’ll sidestep sanctions to activate the service in Iran, where the government put restrictions on communications due to mass protests. He followed through on his promise to bring Starlink to Ukraine at the start of Russia’s invasion, so we’ll have to wait and see if he manages to bring the service to Iran as well.


E
External Link
Emma RothSep 25
We might not get another Apple event this year.

While Apple was initially expected to hold an event to launch its rumored M2-equipped Macs and iPads in October, Bloomberg’s Mark Gurman predicts Apple will announce its new devices in a series of press releases, website updates, and media briefings instead.

I know that it probably takes a lot of work to put these polished events together, but if Apple does pass on it this year, I will kind of miss vibing to the livestream’s music and seeing all the new products get presented.


E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.


T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.