In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft
announced plans to expand support for a common passwordless sign-in standard created by the
FIDO Alliance and the World Wide Web Consortium.
The new capability will allow websites and apps to offer consistent, secure, and easy
passwordless sign-ins to consumers across devices and platforms.
When you sign into a website or app on your phone, you will simply unlock your phone — your
account won't need a password anymore.
Instead, your phone will store a FIDO credential called a passkey which is used to unlock your
online account.
The passkey makes signing in far more secure, as it's based on public key cryptography
and is only shown to your online account when you unlock your phone.
To sign into a website on your computer, you'll just need your phone nearby and you'll simply
be prompted to unlock it for access.
Once you've done this, you won't need your phone again and you can sign in by just
unlocking your computer.
Even if you lose your phone, your passkeys will securely sync to your new phone from
cloud backup, allowing you to pick up right where your old device left off.
Password-only authentication is one of the biggest security problems on the web, and
managing so many passwords is cumbersome for consumers, which often leads consumers to
reuse the same ones across services.
This practice can lead to costly account takeovers, data breaches, and even stolen identities.
While password managers and legacy forms of two-factor authentication offer incremental
improvements, there has been industry-wide collaboration to create sign-in technology
that is more convenient and more secure.
The expanded standards-based capabilities will give websites and apps the ability to
offer an end-to-end passwordless option.
Users will sign in through the same action that they take multiple times each day to
unlock their devices, such as a simple verification of their fingerprint or face, or a device
PIN.
This new approach protects against phishing, and sign-in will be radically more secure
when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent
over SMS.
Hundreds of technology companies and service providers from around the world worked within
the FIDO Alliance and W3C to create the passwordless sign-in standards that are already supported
in billions of devices and all modern web browsers.
Apple, Google, and Microsoft have led development of this expanded set of capabilities and are
now building support into their respective platforms.
These companies' platforms already support FIDO Alliance standards to enable passwordless
sign-in on billions of industry-leading devices, but previous implementations require users
to sign in to each website or app with each device before they can use passwordless functionality.
This new announcement extends these platform implementations to give users two new capabilities
for more seamless and secure passwordless sign-ins:
1. Allow users to automatically access their FIDO sign-in credentials (referred to by some
as a “passkey”) on many of their devices, even new ones, without having to re-enroll
every account.
2. Enable users to use FIDO authentication on their mobile device to sign in to an app or
website on a nearby device, regardless of the OS platform or browser they are running.
In addition to facilitating a better user experience, the broad support of this standards-based
approach will enable service providers to offer FIDO credentials without needing passwords
as an alternative sign-in or account recovery method.
These new capabilities are expected to become available across Apple, Google, and Microsoft
platforms over the course of the coming year.