A global tech industry group devoted to ending the internet’s dependence on passwords has released a set of resources that it hopes will usher in a new paradigm for how we sign in to things online.
The Fast Identity Online (FIDO) Alliance—which is composed of tech companies, password managers, retailers, and government agencies—believes that passwords are insecure and inconvenient, pointing to the large number of users who forget passwords, reuse passwords across sites, and have their passwords compromised in data breaches or phishing attacks. Instead, the alliance would like everybody to use passkeys.
A passkey is a form of public key cryptography that replaces account usernames and passwords with random strings of data. Those cryptographic keys are stored in an authenticator, which is similar to a password manager and can only be unlocked by the same method a person uses to unlock their phone or other device—for example, facial recognition, thumbprint detection, or a PIN. When you sign in to a website with a passkey, you’re prompted to unlock your device, at which point the authenticator sends the website the cryptographic key necessary to log in to your account.
Confused? On Monday, the FIDO Alliance published Passkey Central, an online guide explaining how the technology works and why everyone should be using it. At the same time, the organization released draft credential exchange specifications aimed at standardizing the way organizations transfer user credentials like passkeys between each other, so that users can move their log in information between devices, operating systems, and password managers without compromising their security.
More than 13 billion online accounts—across platforms like Google, Apple, Amazon, Microsoft, Nintendo, PayPal, and TikTok—are currently able to use passkeys, according to the FIDO Alliance. The group hopes that Passkey Central will spread awareness and provide all the information other businesses need to implement the new system on their websites.
“Our adversaries attack nations in cyberspace using techniques that are blocked by passkeys and related technologies. We need to do what we can to accelerate passkey adoption, and to help regular people understand that passkeys protect countries, and make their online lives a little easier,” Craig Newmark, founder of Craig Newmark Philanthropies, which helped underwrite the Passkey Central project, said in a statement.