Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple, Google, Microsoft announce commitment to 'passwordless' future

Revealed at WWDC 2021, Apple's Passkey plans appear to fit with the aims of the FIDO alliance's new announcement

Security body FIDO has received new backing from Apple, Google, and Microsoft, with the tech companies all announcing that they are expanding support for the alliance's passwordless sign-in standard.

Following its joining of the FIDO — Fast Identity Online — alliance in 2020, Apple has now announced its extended support for the group's technology and goals. In a joint statement from FIDO, Apple, Google, and Microsoft, seen by AppleInsider, the alliance aims to allow websites and apps to offer secure and simple sign-ins without using passwords.

"Just as we design our products to be intuitive and capable," said Apple senior director of platform product marketing, Kurt Knight, in the statement, "we also design them to be private and secure."

"Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience," continued Knight, "all with the goal of keeping users' personal information safe."

FIDO maintains that password authentication is one of the biggest security problems, from how reused passwords mean a breach in one service, can expose others. It also argues that managing passwords is cumbersome for consumers, and that its standard would allow for a secure passwordless option.

"Users will sign in through the same action that they take multiple times each day to unlock their devices," says the alliance, "such as a simple verification of their fingerprint or face, or a device PIN."

It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however. Most iPhone device PINs are four or six numbers, and currently it takes an extra step to make it longer or alphanumeric.

The approach does, though, tie in with Apple's own proposed passkey feature, previously announced at WWDC 2021. This is intended to mimic hardware security keys, but use iCloud Keychain instead of physical devices.

The Developer session from WWDC 2021, "Move beyond passwords," is available to view. So far, though, Apple has introduced initial support for its passkey technology in iOS 15.4.

There is no expected release date for the new features on any platform. The group's statement says that Apple, Google, and Microsoft will implement the features "over the course of the coming year."

The most likely roll-out for new features for Apple is at WWDC 2022, with a release in the fall, alongside the new iPhones.



26 Comments

henryblackman 21 Years · 59 comments


It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however.

The reason it’s more secure is because there are multiple factors - the device (something you have), and the PIN (something you know) or biometric - face, or finger (something you are).  No one is suggesting we replace passwords with PINs, they’re saying a device AND a PIN - or some other factor. 

4 Likes · 0 Dislikes
rob53 14 Years · 3330 comments


It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however.

The reason it’s more secure is because there are multiple factors - the device (something you have), and the PIN (something you know) or biometric - face, or finger (something you are).  No one is suggesting we replace passwords with PINs, they’re saying a device AND a PIN - or some other factor. 

Standard two-factor authentication, which has been in use for decades. Apple Card already has the second factor built in with their rotating CCV. I used the standard RSA rotating token for years. I still call these password systems. Most websites are using the text msg/email second “password” so it’s not that big of a deal. What worries me is how convoluted this group will make it so it fits into each of their existing products, like AD (ugh!).

2 Likes · 0 Dislikes
Fred257 6 Years · 269 comments

I’m currently locked out of my own Gmail account because I forgot my password.

I do not have notifications on messages so Google kept sending me messages in my phone (without telling me) and my account is frozen for 48 hours.

I will be getting rid of all Gmail accounts because of this.

3 Likes · 0 Dislikes
mike1 11 Years · 3447 comments

rob53 said:

It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however.

The reason it’s more secure is because there are multiple factors - the device (something you have), and the PIN (something you know) or biometric - face, or finger (something you are).  No one is suggesting we replace passwords with PINs, they’re saying a device AND a PIN - or some other factor. 
Standard two-factor authentication, which has been in use for decades. Apple Card already has the second factor built in with their rotating CCV. I used the standard RSA rotating token for years. I still call these password systems. Most websites are using the text msg/email second “password” so it’s not that big of a deal. What worries me is how convoluted this group will make it so it fits into each of their existing products, like AD (ugh!).

Interesting. My CCV has never changed since I got my Apple Card. I know there is an option to force a new card #, but nothing automatic.

1 Like · 0 Dislikes
ihatescreennames 20 Years · 1989 comments

I’m fine with password management for now and really have no issues with it. What I’d prefer is not having to provide an email address everywhere and then get unwanted junk e-mail. I use hide my email but that’s still something I have to manage. 

Still, maybe this is a step in that direction. I’m curious to see where it goes. 

mike1 said:
rob53 said:

It's not immediately clear how falling back to a device PIN would be more secure than a properly configured password, however.

The reason it’s more secure is because there are multiple factors - the device (something you have), and the PIN (something you know) or biometric - face, or finger (something you are).  No one is suggesting we replace passwords with PINs, they’re saying a device AND a PIN - or some other factor. 
Standard two-factor authentication, which has been in use for decades. Apple Card already has the second factor built in with their rotating CCV. I used the standard RSA rotating token for years. I still call these password systems. Most websites are using the text msg/email second “password” so it’s not that big of a deal. What worries me is how convoluted this group will make it so it fits into each of their existing products, like AD (ugh!).
Interesting. My CCV has never changed since I got my Apple Card. I know there is an option to force a new card #, but nothing automatic.

You need to turn on Advanced Fraud Protection to get rotating CCVs. You’ll find that by tapping on the little credit card icon in the upper right corner when in the Apple Card details view. 

8 Likes · 0 Dislikes