“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline—it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance.
FIDO authentication aims to deliver “end-to-end” passwordless sign-ins for sites, services, and apps using the same mode of verification that most people already use on their smartphone or PC. For example, if you unlock your smartphone with a PIN, face recognition, or fingerprint scan, the same method would authenticate you on whatever supported app or service you’re logging into.
The end-to-end aspect is important, too. Instead of requiring an initial sign-in with a password to configure FIDO (which carries the same phishing risks), the FIDO Alliance and its partners are extending support for the platform’s implementations with two new key capabilities:
- Allow users to automatically access their FIDO sign-in credentials (referred to by some as a ‘passkey’) on many of their devices, even new ones, without having to re-enroll every account.
- Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.
This is not only more secure than traditional passwords; it also stands to be far more convenient, considering that just about everyone owns a smartphone, tablet, or both. If you’re trying to sign in to a supported service on your PC, you would just unlock your phone, which stores your FIDO credential. That passkey is based on public key cryptography and is only shown to your online account when you unlock your device.