The FIDO Alliance was founded in 2012 with the aim of creating faster and more secure identities on the Internet. The plan to eliminate passwords in the network is now gaining momentum. Apple relies on passkeys.
In May 2022, Apple, Google and Microsoft announced that they wanted to broadly expand the option of password-free login. In early June, Apple announced at its developers conference that in the medium term, password authentication, which is still ubiquitous on the Internet today, would be phased out. In its place, initially in the Apple browser Safari, there is a password-free login with a so-called passkey. Thus Apple is implementing a security upgrade that the FIDO Alliance (Fast Identity Online), which now includes more than 150 companies according to Wikipedia, came together to introduce in 2012. Most recently, Apple, Google, and Microsoft announced in May that they wanted to broadly expand the possibility of password-free registration. Now at the latest, companies that generate online sales should start thinking about how they can make their business processes fit for the future.
Apple is implementing the goals of the FIDO Alliance in the form of a solution called “Passkey”. It is based on a combination of strong encryption and biometric data, as recorded by the sensors of laptops or mobile devices. To activate the function in a website or app, users only need to generate a one-time digital authorization key using Apple’s face recognition FaceID or fingerprint scanner TouchID. This key is valid only for the respective website or app for which it was created. The new thing is that the passkey is passed on to the user’s other devices via iCloud Keychain, thus enabling cross-device authorization. Since other members of the FIDO Alliance such as Microsoft and Google also support the system, rapid adoption is expected in the coming years.
Password-free authentication should make it impossible to intercept login data and thus reliably slow down data thieves. The fact that major hardware and software providers are working together on implementation shows what the order of the day is: Where this hasn’t happened yet, online service providers and retailers need to future-proof their login processes. should create and enable access without password. Technology groups such as Apple, Google and Microsoft provide solutions on the user/client side as standard. Now companies will have to comply and adapt their login systems to use passwordless security functions as well.