TikTok has joined the ranks of companies swapping out familiar passwords, which can be easily overcome by hackers, for passkeys for user sign-in processes. Fast to sign in with, easier to use and more secure, many social media platforms have transitioned to the use of passkeys on iOS devices.
Passkeys, built on WebAuthentication, offer ways to secure their community’s accounts, assure genuine presence of the user and resist common attacks like phishing.
TikTok, who announced their membership in the FIDO Alliance, said users would be able to sign in to their accounts across multiple devices by using simple Face or Touch ID recognition.
The takeover of passkeys eliminates cumbersome authentication requiring one-time logins to be sent to a second device and will crack down on bots being used in more cases of SMS fraud to pass two-factor authentication.
The FIDO Alliance is an open industry organisation that promotes authentication standards to reduce reliance on traditional passwords which could be lost or stolen, in favour of passkeys.
The cryptographic key is securely and uniquely designed when an account is registered. Verification via Apple Face or Touch ID can authorise the use of the passkey, which authenticates the user into an app or website using the private key. Users will be prompted to set up multi-factor authentication when registering a new passkey.
Apple, Microsoft and Google
Apple, Microsoft and Google have also decided to ditch passwords which are increasingly being replaced in a modern digital age by passkey technology that evolves GDPR and security standards.
While users must break their behaviours of using passwords, which are familiar to them and widely popular, the FIDO Alliance believes users can be won over by how easy the passkey creation process is. People are already familiar with security requirements and multi-action authentication using face recognition.
The UX is a critical component in helping users adopt passkeys as a password replacement. The FIDO Alliance released its UX guidelines in May to support service providers in building a better user experience to accelerate momentum and adoption of passkeys.
Data utilised in encrypted biometric authentication using passkeys is stored safely on the device and not accessible by third-party apps.
Andrew Shikiar, FIDO Alliance Executive Director commented “Passwords are a hindrance to security and user experience that are long past their expiration date”.
Kim Albarella, Head of Global Security at TikTok said their membership in the FIDO Alliance was perfectly timely as they “begin to introduce passkeys for login, working with industry leaders to amplify secure passwordless technologies”.
