If you are one of the many people who struggle to remember long and complicated passwords, the days of clicking "forgot password" will soon be a thing of the past.
Web standards bodies World Wide Web Consortium (W3C) and Fido Alliance announced WebAuthn, a new web authentication standard that lets users replace passwords with more secure login methods like biometrics.
Users can use devices such as smartphones, USB tokens, fingerprint scanners or webcams, which would communicate with the websites via Bluetooth, NFC or USB.
"Security on the web has long been a problem which has interfered with the many positive contributions the Web makes to society. While there are many web security problems and we can't fix them all, relying on passwords is one of the weakest links. With WebAuthn's multi-factor solutions we are eliminating this weak link, stated W3C chief operating officer Jeff Jaffe in a statement. "WebAuthn will change the way that people access the web."
For example, if a user wants to log in to a website, they will receive an alert on their smartphone and they can use their fingerprint to gain access without using a password. The authentication token would only last as long as it takes to authenticate the user, and would require a specific device to authenticate.
"After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes," said Fido Alliance executive director Brett McDowell, who suggests that websites and service providers should adopt phishing-resistant alternatives instead.
Facebook and Google are two of the major websites that already use Fido Alliance's services for login authentication, but now with the support of W3C more sites and services can use WebAuthn to eliminate the need to use passwords as a login method.
Google, Microsoft, and Mozilla have committed to supporting the WebAuthn standard in their flagship browsers and have started implementation for Windows, Mac, Linux, Chrome OS and Android platforms. No news from Apple's Safari yet.
The WebAuthn API is already available to the public, and developers and vendors can start building support into their products and services.