Apple, Google and Microsoft expand use of thumb and face ID to replace passwords

Use of mobile phone 'passwordless' technology will soon be extended to popular websites

People will soon be able to log into popular websites with their thumb or face as Apple, Google and Microsoft extend the use of mobile phone 'passwordless' technology.

The three tech companies are among scores of firms joining a new initiative to reduce the need for customers to remember more and more passwords.

Instead of typing in a password to a website the service will connect with the person's mobile phone and allow them to scan their thumb print or face to verify their identity.

Google said the technology will be available on its Chrome web browser and Android mobile operating system this year.

It said: “Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”

The FIDO Alliance, the industry association behind the initiative, said: “Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers."

The technology works by using your mobile device instead of a password. People will be able to use their phone’s unlock features, such as scanning a fingerprint or facial recognition, to authenticate themselves to websites instead of inputting separate details for every web-based service they use.

Customers will still have the option to use a password if they prefer not to use biometrics.

Andrew Shikiar, director of the FIDO Alliance, said: “The problem that we face, frankly, is scale.”

Mr Shikiar said that although the technical capability exists to replace passwords with phone-based biometrics, which are already used to secure mobile devices, large companies have been slow to roll the technology out for general use.

One of the biggest challenges for web-based companies over the past decade has been convincing their customers to pick secure passwords.

As the number of online services demanding a username and password keeps growing, consumers take more shortcuts such as reusing the same password across multiple sites.

If hackers get hold of that password, they can log into multiple websites and carry out crimes such as stealing personal data, committing identity theft and making fraudulent money transfers.

The Telegraph understands that Gmail and YouTube will not be implementing the passwordless login features until technical groundwork has been laid so any website, anywhere in the world, can use the FIDO Alliance’s passwordless standard.

Apple said today's announcement is a continuation of work it began last year to enable FaceID technology as a means of logging into websites from iPhones, using FIDO's WebAuthn standard.

Alex Simons, corporate vice president of identity at Microsoft, said methods of replacing passwords “must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today" and said the company would continue working on non-password-based login methods for its services.