Microsoft, Apple and Google, together with the FIDO Alliance, want to abolish password logins on their platforms and introduce password-free logins across the board from 2023.
Password-based login too vulnerable to security
For years, companies have been announcing improvements in the legitimacy of Internet services that are less vulnerable to security for users. Password phishing, i.e. obtaining login data in order to misuse it, is one of the biggest risks to internet security. A quick click on a seemingly reputable website or a link in an official-looking email has opened many doors and gates for cybercrime, identities have been stolen or accounts have been emptied. Mimikama is full of these scams.
The bad habit of relying on laziness (password 12345) rather than security when creating passwords has also caused some users serious trouble and loss of assets. A look at the top ten of the most popular and therefore not only the most vulnerable but also the most hacked passwords still provides highlights such as “password” or “12345678”. Clearly, the creation and regular exchange of secure passwords represents an almost impossible challenge for the general population.
The FIDO Alliance
This is where the Fido Alliance comes in ( HERE ). The actual task of securing user accounts is taken out of the hands of the users. The familiar authentication process with user name and password per user account will be abolished.
Instead, the industrial alliance is relying on a new system called “FIDO Passkey” for a future without passwords.
Over the course of 2023, support for the new standard will be integrated into all operating systems and browsers of the companies involved, i.e. from Android to Windows, macOS, iOS and Chrome OS to the Chrome, Safari and Edge browsers. This covers the majority of the relevant platforms. Google and Microsoft have been part of the industrial alliance for a long time and are already using the authentication technology selectively in their products. In 2020, Apple also joined the alliance and the three big players are working together on cross-platform solutions.
Microsoft has already been using the FIDO 2 standard in Windows Hello, in Windows 10 and in Android versions 7 and newer since 2019. Apple has integrated Fido 2 into Face and Touch ID with iOS 14 and iPadOS 14 ( HERE ). Google already uses these security keys in the smartphone to log into the Google account. In the future, however, a password will no longer be necessary and other websites will also be addressed ( HERE ).
Easier and safer for users
The current announcement represents significant progress for users. While isolated FIDO functionalities were previously provided, it was previously necessary to log in to each application with a password at least once in order to then be able to switch to password-free login. This should be over in the future. A huge relief for users. Always assuming everything works
A statement from the FIDO Alliance states:
“These companies' platforms already support FIDO Alliance standards to enable password-free login on billions of industry-leading devices. However, previous implementations require users to log in to every website or app on every device before they can use the password-free functionality. Today's announcement expands these platform implementations to provide users with two new features for seamless and secure passwordless logins:
# Automatically access FIDO credentials (called a “passkey” by some) on many of their devices, including new ones, without having to re-log in for each account.
# Using FIDO authentication on their mobile device to log in to an app or website on a nearby device, regardless of the operating system platform or browser they are using.”
( HERE ), Translated with www.DeepL.com/Translator (free version)
How exactly does the password-free login work?
What exactly does the new standard mean for everyday users? Until now, users had to laboriously authorize themselves by entering their username and password every time they logged in, in every shop, in every online game or wherever logins were required. This was often made easier by integrated password managers in browsers or external providers such as Keypass or Lastpass, which took over authentication via auto-fill and master password or at least managed a list of all the login data that had been created so far, which users could “quickly take a look at”.
Nothing works without a smartphone!
In the future, the smartphone will play the central role! Before logging in to a website or app from any device, users must first authenticate themselves on their smartphone using a fingerprint or facial recognition. This authentication on the smartphone authorizes the passing on of a so-called passkey, a password key, which is automatically generated on the relevant page or in the app.
However, exchanging passkeys will not initially work across all platforms. In a first step, the exchange of passkeys will initially only take place in the respective ecosystems. Passkeys created on Android work on a Windows desktop but not on an iPad, Mac passkeys authorize on iPhone but not on an Android smartphone. However, synchronization will take place across platforms in the future. A manual exchange via Bluetooth is being considered as a temporary solution.
Technical background
Technically speaking, the new standard is a further development of existing standards such as Webauthn and the use of secure hardware, which can now be found in practically all current smartphones. This environment is often called a “Secure Enclave” and is already used on smartphones for tasks that are security-relevant. These chips use an operating system that is usually completely independent. This ensures a strict separation between Android, iOS and Co. ( HERE ).
By the way, a lost smartphone should not be a catastrophe. Solutions will also be provided for this that only allow authorized persons to log in.
Conclusion
From 2023, the FIDO Alliance wants to introduce password-free login together with large internet companies such as Google, Apple and Microsoft.
You then log in to a website or app by unlocking your smartphone. A password is no longer necessary. A so-called passkey, a FIDO credential, is stored on the smartphone, which is then used to unlock online accounts not only on the smartphone, but also on other nearby devices. The process has the great advantage of not being susceptible to phishing and is even considered more secure than existing two-factor authentication. This would close a major gateway for cybercrime.
This might also be of interest: Cyber crimes: BKA records new record
Source: futurezone.de , FIDO Alliance
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

