Apple’s and Google’s plans to nix passwords create ecosystem lock-in risk

Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms, but there is currently no mechanism for bulk-transferring passkeys between ecosystems, creating the risk of ecosystem lock-in for those who want to upgrade from an Android phone to an iPhone (or the three people who want to downgrade from an iPhone to an Android phone).


Jared Newman for FastCompany:

FIDO’s proposal is technically called “multi-device FIDO credential,” but the big tech companies are colloquially referring to it as “passkey.” The idea is that when you unlock your phone with your face or fingerprint, you’ve effectively proven who you are, so you should also be able to log into other apps and websites without any prompts.

“We want people to get passwords off of their servers,” says Andrew Shikiar, the FIDO Alliance’s executive director.

As anyone who uses a password manager will tell you, not having to think about passwords can feel liberating. But by eliminating them outright, FIDO’s proposal risks putting even more control over users’ digital lives in the hands of just a few major tech companies.

FIDO’s current proposal has no mechanism for bulk-transferring passkeys between ecosystems. If you want to switch from an Android phone to an iPhone—or vice versa—you won’t be able to easily move all your passkeys over.

“We don’t really have a batch export method right now,” Shikiar says. “I think that’s probably a future iteration.”

MacDailyNews Take: It’s a security issue that needs to be executed carefully. As Sam Srinivas, President of the FIDO Alliance, told Newman: “It’s very hard to do it safely from the get-go, because if we give a mechanism without great care for someone to export all these keys, you know who’s going to show up first for that. It’s not going to be the legitimate user.”

  1. Why do I get the feeling that, while FIDO’s intentions are good, they are going to f*ck it up, just like the career-criminal grifting politicians that idiots, both on the left and right, with the right to vote, put in office for 20, 30, 40 years, and yet we the people have to tolerate their insufferable garbage governance, while these DC buffoons, some of them, are sporting 100-plus-million-dollar net worths on a six-figure job that’s not even $200,000.00.

    I think if implemented, it will be another trip down the rabbit hole. How about making the hacking of accounts and stealing of passwords a death-penalty crime? If caught, and once through the BS of the judicial system, be rid of them. It may not be a deterrent, but for some, they will never benefit from not minding their own damn business and keeping their hands off other people’s stuff!

