This month, Apple announced support for the FIDO (Fast IDentity Online) Alliance’s “passwordless sign-ins” technology to provide users with a “simpler and stronger” authentication mechanism. Apple has partnered with Google and Microsoft to launch the “passwordless sign-in” capability by 2023 on their respective platforms.
However, FastCompany reports that the inability to migrate “passwordless sign-in” credentials from iOS to Android, or vice versa, will further lock consumers into the Apple and Google ecosystems.
FIDO passwordless technology does not support the transfer of passkeys from an Apple to an Android device, or vice versa
The FIDO standard “passwordless sign-in” is designed to make the login process easier and more secure by allowing the devices to authenticate users. Through Face ID or Touch ID, the authentication process will take place on the device, not on the website.
As convenient as the mechanism appears, it will prevent users from transferring their passkeys from an iOS device to an Android device or vice versa, which the report labels “no way out”.
FIDO’s current proposal has no mechanism for bulk-transferring passkeys between ecosystems. If you want to switch from an Android phone to an iPhone—or vice versa—you won’t be able to easily move all your passkeys over.
“We don’t really have a batch export method right now,” says FIDO Alliance executive director Andrew Shikiar. “I think that’s probably a future iteration.”
By contrast, the tangible nature of passwords makes them fairly easy to transfer. Major web browsers can import passwords from other browsers with just a couple of clicks, and most password managers can download users’ logins to a .csv spreadsheet, letting users manually upload them to a competing service.
That said, the report also mentions that FIDO plans to add support for copying passkeys one at a time in the future, but that too has limitations.
Still, moving passkeys one-by-one won’t be feasible for users who want to leave a particular ecosystem and have saved up dozens or hundreds of logins.
FastCompany proposes that the inclusion of third-party password managers like 1Password could solve the aforementioned lock-in issue.
One way to prevent a lock-in scenario would be to let third-party password managers such as Bitwarden and 1Password manage users’ passkeys. That way, users wouldn’t have to rely on Apple, Google, and Microsoft to manage their logins, and could easily move between platforms.