Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms, but there is currently no mechanism for bulk-transferring passkeys between ecosystems, creating the risk of ecosystem lock-in for those who want to upgrade from an Android phone to an iPhone (or the three people who want to downgrade from an iPhone to an Android phone).
FIDO’s proposal is technically called “multi-device FIDO credential,” but the big tech companies are colloquially referring to it as “passkey.” The idea is that when you unlock your phone with your face or fingerprint, you’ve effectively proven who you are, so you should also be able to log into other apps and websites without any prompts.
“We want people to get passwords off of their servers,” says Andrew Shikiar, the FIDO Alliance’s executive director.
As anyone who uses a password manager will tell you, not having to think about passwords can feel liberating. But by eliminating them outright, FIDO’s proposal risks putting even more control over users’ digital lives in the hands of just a few major tech companies.
FIDO’s current proposal has no mechanism for bulk-transferring passkeys between ecosystems. If you want to switch from an Android phone to an iPhone—or vice versa—you won’t be able to easily move all your passkeys over.
“We don’t really have a batch export method right now,” Shikiar says. “I think that’s probably a future iteration.”
MacDailyNews Take: It’s a security issue that needs to be executed carefully. As Sam Srinivas, President of the FIDO Alliance, told Newman: “It’s very hard to do it safely from the get-go, because if we give a mechanism without great care for someone to export all these keys, you know who’s going to show up first for that. It’s not going to be the legitimate user.”
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!