Today the FIDO Alliance announced that Google, Apple, and Microsoft are committed to expanding support for device biometrics authentication across their platforms. This is exciting news for anyone who is invested in moving away from password-based authentication.
The main focus of the announcement is around cross-device biometric authentication. The core protocol behind device biometric authentication is called WebAuthn and it is designed with a single device in mind. The authentication materials for a website (a private key in this case) are stored securely on a device and your face, fingerprint, or other biometric is used to unlock the device to access that private key and sign a request from the website you are trying to log into. Fundamentally, that means that if you login to a website on your phone, the authentication materials for that website will not be available on your laptop. This is completely different than password-based login schemes, where a password is easily transferrable between different devices.
Passage handles all of the cross-device orchestration to ensure that users can log in on any device at any time. This announcement is exciting to us because we are constantly looking for new, innovative ways to improve the user experience for cross-device login. The announcements states that the changes will “enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.” They will also support accessing credentials on new devices at the device or browser level. When these companies add these capabilities, Passage will be able to greatly reduce the number of out-of-band, slow logins that happen. Fewer magic links means a better user experience!
We are excited to see the major browsers and device manufacturers pushing the innovation in passwordless authentication. At Passage, we continue to view device biometrics as the future of authentication and are committed to making it a great developer and user experience.