- Microsoft, Apple and Google have agreed to expand support for a passwordless standard developed by the FIDO Alliance and World Wide Web Consortium, the FIDO Alliance announced Thursday. Passwordless adoption is designed to bolster digital security across multiple platforms and devices.
- The enhanced support will allow users to access FIDO sign-in credentials, also known as passkeys, without the need to reenroll on multiple devices. The enhanced support will allow users to use FIDO authentication on a mobile device to sign in on a nearby device, regardless of the operating system or browser.
- The primary use case for the expanded support is for consumer service providers, according to FIDO Alliance officials, but small- and medium-sized businesses (SMBs) and enterprises may want to use the enhanced standard to boost multi-factor authentication (MFA) adoption. FIDO officials note current Microsoft data showing only 22% of corporate workers use MFA.
Major IT providers have vied to eliminate dependence on passwords across the consumer and enterprise space.
For years, millions of consumers have used password security to authenticate everything from signing onto their personal computers to conducting any type of online transaction. Inside companies, passwords are one of the few methods to ensure an authorized employee or outside contractor can safely access sensitive information.
“It’s important to note from an IT perspective that an enterprise has flexibility in how it grants access based on the authentication signals,” Andrew Shikiar, executive director and CMO of FIDO, said via email. “For example, they can grant full access based on a user verification to a multi-device credential or for more security intensive scenarios they can treat it as just one signal in their authentication process — perhaps layering on step-up authentication or passive biometrics.”
There are more than 921 password attacks every second, said Vasu Jakkal, corporate VP of security, compliance, identity and management at Microsoft, in a blog post Thursday. That represents more than double the figure over the last 12 months.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said on Twitter the move would help enhance online security and was an important step in private-sector collaboration.
Gartner research predicts more than 20% of customer authentication transactions and 50% of the workforce will be passwordless by 2025, according to a Gartner spokesperson. This compares with 10% for customer authentication and the workforce currently.
Gartner also predicts more than 25% of MFA transactions using a token will be based on FIDO authentication protocols by 2025, compared with 5% today.