BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Apple Just Made A Striking New Security Move That Could Impact All Users

Following
This article is more than 4 years old.

As a standalone form of authentication, passwords are pretty poor. Passwords are exposed in data breaches, people forget them, use insecure credentials and repeat them across services. It’s with this in mind that Apple has just made a bold move to try and help all users move away from passwords alone, and towards more secure forms of authentication, such as security keys. 

Apple has joined the FIDO Alliance (AKA Fast Identity Online), an organization already including giants such as Google, Intel, Microsoft and Samsung.

Given Apple’s status and size, the iPhone maker’s move is significant. But it has also come very late in the day: Apple is one of the last big firms to join FIDO.

What is the FIDO Alliance and what is its mission?

Founded in 2012 by companies including PayPal and Lenovo, the FIDO Alliance’s mission is to create authentication standards to reduce reliance on passwords. It has two aims: The adoption of multi factor authentication U2F tokens, and authentication (FIDO2).

The Alliance wants to develop technical specifications that can apply across platforms. The FIDO site reads: “Based on free and open standards from the FIDO Alliance, FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.”

The FIDO site lists additional forms of authentication including security keys and biometrics such as facial recognition, fingerprint scanners and voice. 

The idea is that in the future, a device can be used to log into another device: for example, your Apple Watch could be used to log in to your iPhone. 

Why Apple joining FIDO makes sense

Apple joining FIDO makes absolute sense, the only question is why the U.S. firm didn’t do it sooner. Apple has already been promoting FIDO-like abilities on its iPhones and iPads for years, with biometric authentication such as Face ID and Touch ID

Meanwhile, in iOS 13.3, Apple has added the ability for FIDO compliant security keys such as the Yubico YubiKey to be used to authenticate your services in Safari. The key can be inserted directly into your iPhone, as I demonstrated in a video last year.

Recently, the Secure Enclave on Apple’s A-Series chips has allowed iPhones to be used as a security key themselves: using your iPhone, you can now log into Google services. Expect more of this sort of thing in the future. 

Apple could help drive adoption

Apple is a strong company for the FIDO Alliance to have on board–and major vendors joining the alliance should hopefully help drive adoption, says security researcher Sean Wright.

Wright says not having all the big tech firms on board has so far “been one of the limiting factors of these technologies.” 

And although security can often hinder functionality, he says FIDO also comes with improved usability. “As adoption improves, I only see further improvements to usability–especially with Apple involved, which is renowned for taking a technology and polishing it really well.”

ESET cybersecurity specialist Jake Moore agrees: “Keeping the same level of security or increasing it while making the account more convenient for the user is a step in the right direction. 

“It’s well known that passwords are still being reused across multiple accounts so if this security layer can be taken away from the user altogether, with the same security in place, we are improving the process and moving forward.”

Follow me on Twitter or LinkedIn