The new features aim to enable websites and apps to offer consumers secure and easy passwordless logins across all devices and platforms. The standard was developed by the Fido Alliance and the World Wide Web Consortium. The Fido Alliance includes not only hundreds of technology companies and service providers, but also authorities such as the Federal Office for Information Security (BSI).
With innovations, the industry wants to ensure that in the future, sensitive data will increasingly not be protected solely by a password. Experts have been pointing out for years that even complex passwords that consist of multiple letters, numbers, and special characters and are changed regularly are not secure. They recommend using sign-in methods that also require a security key or authenticator app code. The latest version of Fido Standard even works without a password you need to remember.
The current announcement extends the standard with two new functions: on the one hand, users can automatically access access data on multiple devices and also on new devices – without having to re-register for each account. They can also use authentication on their mobile device to log into an app or website on any of their nearby devices, regardless of operating system or browser.
The current technical implementation has until now required users to log in separately to each website or app with each device before they can use the feature without a password. This is now simplified. The new features are expected to be available on Apple, Google, and Microsoft platforms over the next year.
“This step is a testament to the collaborative work being done across the industry to strengthen protection and eliminate outdated password-based authentication,” said Mark Risher, senior director of product management at Google. “The full shift to a passwordless world will begin with consumers making it a natural part of their lives,” said Alex Simons, corporate vice president, identity program management at Microsoft. Any viable solution must be more secure, simpler, and faster than the passwords and traditional multi-factor authentication methods used today.
© dpa-infocom, dpa:220505-99-170107/2