Apple, Google, and Microsoft collectively commit to supporting the FIDO Alliance solution for removing passwords on the web in their operating systems and browsers. You can use the biometric sensor of a smartphone, tablet or computer to authenticate yourself on a site, without having to create a password, or relying on a second factor which is a more secure method, but also more restrictive. This formalization is not a surprise, this plan has been in motion for several years and Apple was at its head:
Passkeys and WebAuthn: Apple imagines a future without passwords
The industry plan to get rid of passwords
Authentication by ” access keys will thus become a web standard that will eventually be supported by all operating systems and all web browsers. This is an essential point so that we can do without a password: we can use this new form of authentication regardless of the device used, even if we go from an iPhone to an Android smartphone, for example. Another challenge is to simplify the process as much as possible, in particular so as not to have to register each device on each website.
Concretely, the FIDO alliance in partnership with companies announces two new features for the standard. On the one hand, access to secure information provided on users’ devices can be done automatically. On the other hand, one will be able to use a mobile device to authenticate to a nearby computer and again, this will work for all browsers and operating systems. This authentication mechanism will not be reserved for websites, applications can also use it.
These new features should arrive at Apple, Google and Microsoft by the end of 2022. On the Apple side, the most likely would be integration into iOS 16 and macOS 13. Apple has already implemented a solution close to one that will be standardized for its own websites and for the “Connection with Apple” function, even if it lacks interoperability and the possibility of using an iPhone near a Mac.