Apple Inc. (AAPL), the Google division of Alphabet Inc. (GOOGL, GOOG), and Microsoft Corporation (MSFT) announced, on May 5, 2022, that they are embarking on "a joint effort to make the web more secure and usable for all." Specifically, they are taking leading roles in expanding support for a universal password-free sign-in standard created by the FIDO (Fast ID Online) Alliance and the World Wide Web Consortium. This standard is designed to allow websites and apps to offer consistent, secure, and easy password-free universal sign-ins to consumers across devices and platforms.
Also among the 40 companies comprising FIDO's highest, "board level," category level of membership are Amazon.com, Inc. (AMZN) and Facebook parent Meta Platforms, Inc. (FB), plus seven leading financial services firms. The impact on future financial results of the aforementioned technology-driven companies is unclear at this point. However, their collaboration promises to speed the implementation of important innovations that are designed to offer widespread benefits to the public worldwide. This may enhance their reputations, especially given a key endorsement of this effort by the U.S. government, as noted below.
- Apple, Google, and Microsoft are spearheading efforts to promote the adoption of password-free sign-in standards.
- These promise to deliver faster, easier, and more secure sign-ins that are resistant to attacks such as phishing.
- Amazon and Facebook parent Meta Platforms are other key supporters of these new standards developed by the FIDO Alliance.
- FIDO finds that passwords are the root cause of more than 80% of data breaches.
The Password Problem
Password-only authentication is among the biggest security problems on the web. Managing many passwords is cumbersome for consumers, which often leads them to reuse the same ones across services. This, in turn, can lead to costly account takeovers, data breaches, and stolen identities. Password managers and current forms of two-factor authentication offer only incremental improvements, however.
Research by FIDO indicates that passwords are the root cause of more than 80% of data breaches. As a result of the typical user having more than 90 online accounts, up to 51% of passwords are reused, and about one-third of online purchases are abandoned due to forgotten passwords. Resetting a password typically incurs a $70 labor cost for a help desk.
The FIDO Solution
The solution developed by FIDO is designed to allow access to all participating services through a given device, with no need to remember or type passwords. It also is designed to be resistant to phishing and other common attacks.
Broadly stated, under the new approach created by FIDO, the user will sign in with the same action already employed to unlock their devices, such as a simple verification of their fingerprint, voice, face, or device PIN. It promises to be radically faster, easier, and more secure when compared to passwords and existing multi-factor technologies such as one-time passcodes sent via text or voice messages.
Latest FIDO Innovations
Previous version of the FIDO approach required users to sign in to each website or app with each device before they can use the password-free functionality. The announcement on May 5, 2022, included two new capabilities for more seamless and secure password-free sign-ins.
One allows users to automatically access their FIDO sign-in credentials (called a "passkey" by some) on many of their devices, even new ones, without having to reenroll every account. The other enables users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device. These new capabilities are expected to become available across Apple, Google, and Microsoft platforms during the coming year.
U.S. Government Hails 'Innovative Companies'
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), stated: "The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies ... will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards ... Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords."
'Ubiquity and Usability Are Critical'
Andrew Shikiar, executive director and chief marketing officer (CMO) of the FIDO Alliance, said: "Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products ... This new capability stands to usher in a new wave of low-friction [i.e., easier to use, with fewer steps] FIDO implementations."