These vendors’ support for the FIDO standard will allow billions of people to log into devices and online services without using passwords, instead using their fingerprint, face, or device PIN.
Employees will be less vulnerable to phishing attempts and credential theft attacks, which have plagued organizations for years, thanks to this approach, which also improves the end-user sign-in experience.
Because of people’s poor password hygiene (i.e., reusing credentials across numerous services), vulnerability to data breaches, and phishing scams, Google has been striving to replace passwords for the past decade or so.
Today, in honor of World Password Day, we’re announcing a major milestone in this journey: over the next year all major device platforms have committed to building in support for passwordless FIDO Sign-in standards. We plan to implement passwordless support in Android & Chrome.
Passwordless approaches in the modern era
While today’s announcement demonstrates Apple, Microsoft, and Google’s commitment to passwordless authentication, the companies have been gradually experimenting with passwordless login options for the past few years.
For example, Microsoft reported in 2020 that over 150 million people used passwordless logins on a monthly basis, including Windows Hello’s fingerprint and facial recognition to access Azure AD and the Microsoft Authenticator App to login without a password.
Similarly, Apple added passkeys to iCloud Keychain last year, allowing users to log in to services by confirming their username and confirming their identity with Face ID or Touch ID.
With Google’s announcement that users will be able to log in without a password by 2023, the era of password-based security appears to be coming to an end.
The massive volume of credential theft, with the number of annual credential spill incidents nearly doubling between 2016 and 2020, is unsurprising given the reasons why 92 percent of organizations believe passwordless authentication is the future.
A quick look at the market for passwordless authentication
As more businesses become aware of password security flaws, demand for secure sign-in solutions is increasing, propelling the global passwordless authentication market, which is expected to grow from $12.79 billion in 2021 to $53.64 billion by 2030, according to analysts.
Apple, Microsoft, and Google aren’t the only companies experimenting with passwordless methods to eliminate the possibility of credential theft.
Okta, which recently reported total revenue of $1.78 billion, offers a solution called Okta FastPass, which allows users to register their devices to Universal Directory with Okta Verify, allowing them to sign-in to cloud or on-premise apps and VPNs without having to enter a password.
Hypr, a company that has raised $70 million in total funding, offers an MFA solution that allows users to turn their smartphones into FIDO tokens and log into the HYPR Desktop MFA client using third-party passwordless authentication such as Windows Hello, Touch ID, and Yubikey.