[German]Yesterday, May 5, was "World Password Day" – and from this point of view, the announcement of the FIDO Alliance to make the Internet more secure and usable for everyone is only logical. The FIDO Alliance and the World Wide Web Consortium have developed a procedure for password-free user logon. Apple, Google and Microsoft, with the FIDO Alliance on May 5, 2022, have now announced plans to expand support for a common standard for passwordless logins that builds on the FIDO solution. The new feature is intended to enable websites and applications to offer consistent, secure and simple passwordless logins to users across all devices and platforms. Microsoft plans to release certain features as early as May and June 2022 for Windows and Microsoft Authenticator.
Advertising
Using passwords to log in to websites is proving to be one of the biggest security issues online. Too often, users fall for phishing attempts, or passwords are captured in hacks as well as data leaks. Managing multiple passwords is also cumbersome for users. This often leads to reusing the same passwords on different services or storing or writing them down somewhere. This practice can lead to costly account takeovers, data breaches and even stolen identities.
One solution would be password managers, which at least make it easier to manage passwords. But even there, there have been repeated data leaks and problems. With traditional forms of two-factor authentication, there have also been incremental improvements, and there has been industry-wide collaboration to develop login technologies that are more convenient and secure than simple passwords.
FIDO Alliance standard
Under the FIDO Alliance, the World Wide Web Consortium W3C and hundreds of technology companies and service providers from around the world have worked to develop the standards for passwordless logon. These are already supported by billions of devices and all modern Web browsers.
Apple, Google and Microsoft have already led the development of this expanded feature set to date. These companies' platforms already support the FIDO Alliance standards to enable passwordless login on devices. However, implementations to date require users to log in to each website or app using each device before they can use the passwordless functionality.
Extended passwordless login
Now, an expansion of support for passwordless authentication standards is to be rolled out, co-sponsored by the three companies Apple, Google and Microsoft. According to the announcement , platform implementations will be enhanced to provide users with two new features for seamless and secure passwordless logins:
Advertising
- Enabling automatic access to FIDO credentials (referred to by some as "passkey") on many of their devices, including new ones, without having to re-login for each account.
- Users can use FIDO authentication on their mobile device to log in to an app or website on a nearby device, regardless of the operating system platform or browser they use.
The broad support of this standards-based approach by the three aforementioned companies will enable service providers to offer FIDO credentials without passwords as an alternative login or account recovery method, improving the user experience. It is expected that these new features will be available on Apple, Google and Microsoft platforms over the coming year.
Microsoft's plans
In addition to the FIDO Allicance announcement, Microsoft has also made an announcement to that effect. The above tweet points to this Techcommunity article. There, Microsoft employee Alex Simons (from the AZURE team) describes Microsoft's plans in a bit more detail.
Microsoft has already implemented passwordless support for Windows 365, Azure Virtual Desktop and Virtual Desktop Infrastructure. The feature is currently in preview builds for Windows 11 Insiders and is also on the way for Windows 10. The new Windows Hello for Business Cloud Trust feature is designed to simplify the deployment of Windows Hello for hybrid environments. This new deployment model eliminates the previous requirements for Public Key Infrastructure (PKI) and public key synchronization between Azure AD and on-premises domain controllers.
This improvement is intended to eliminate delays between the deployment of Windows Hello for Business and the authentication of users. The plan: the new feature should make it easier to use Windows Hello for Business to access on-premises resources and applications. Cloud Trust is now available as a preview for Windows 10 21H2 and Windows 11 21H2.
Further, Microsoft Authenticator is said to support multiple user accounts for passwordless login in the future. iOS users are said to get this feature before the end of May 2022, and the feature will be made available for Android after that. The Temporary Access Passcode in Azure AD has also been a big hit with enterprises since its public preview, according to Microsoft. Now, more ways to use it have been added. Microsoft is currently preparing to release the feature in the summer of 2022. This should include giving temporary access passes instead of passwords when setting up new Windows devices. Users should be able to use a temporary access pass for initial login. Then Windows Hello can be configured, and to connect a device to Azure AD. This update is scheduled to be available in June 2022.
In this article Microsoft is conducting an interview with Libby Brown. This is a senior product manager who has been driving efforts to make Microsoft Azure Active Directory (Azure AD) customers more secure with passwordless solutions.
