Apple Inc., Google LLC and Microsoft Corp. today announced plans to roll out new passwordless login features across their respective platforms.
The new features are expected to become available over the next year.
Passwords are susceptible to hacking and can be difficult for users to manage. To address those issues, Apple, Google and Microsoft have been helping to lead an industry-wide effort to move away from using passwords as the primary means of logging into applications. The initiative that the companies announced today is a continuation of that effort.
The three tech giants plan to release new login features that will enable their users to sign into a website or an application without entering a password. According to the companies, users will gain the ability to sign into a service simply by unlocking their smartphones.
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access,” Sampath Srinivas, Google’s product management director for secure authentication, explained in a blog post today. “Once you’ve done this, you won’t need your phone again and you can sign in by just unlocking your computer.”
The new passwordless login features will also include a built-in backup mechanism. “Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off,” Srinivas wrote.
The upcoming capabilities are based on technical standards developed by two industry groups, the FIDO Alliance and World Wide Web Consortium. Apple, Google and Microsoft played a key role in developing the standards. Moreover, the companies already implement the passwordless login technology they’ve helped develop in several products.
“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s senior director of platform product marketing. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience.”
In conjunction with the announcement of the upcoming features, Microsoft today added passwordless login support to two of its offerings. The first is its Windows 365 Cloud PC tool, which enables users to sync their computer’s applications and settings across multiple devices. Microsoft has also added a password login capability to its Azure Virtual Desktop service, which enables companies to provide cloud-based desktop computers for their workers.
Microsoft plans to roll out additional cybersecurity improvements down the road. “You can use Windows Hello today to sign in to any site that supports passkeys, and in the near future, you’ll be able to sign in to your Microsoft account with a passkey from an Apple or Google device,” detailed Alex Simons, a corporate vice president of program management at Microsoft Corp.’s Azure division.
Apple, Google and Microsoft are also working to make their platforms more secure in other ways.
The chips in Apple’s mobile devices and recent Macs feature a so-called secure enclave designed to store the encryption keys that applications use to protect data. Google’s latest Pixel 6 device line, in turn, features a specialized chip called the Titan M2 that is specifically optimized for cybersecurity tasks.
Microsoft has also been investing in new cybersecurity technologies. In 2020, the company introduced a new coprocessor called Pluton that can be attached to a Windows machine’s central processing unit to protect sensitive data such as encryption keys. Microsoft says that not even the firmware installed on a Pluton coprocessor can access the encryption keys stored onboard.