Recently, WebAuthn became the official web standard and will help millions of users to forget passwords. Read on to know more about it…
Do you find typing your passwords to log into websites every time? Well, those days are numbered as the World Wide Web Consortium (W3C) has officially declared the Web Authentication API (WebAuthn) as a Web standard. In other words, this standard enables password-free logins on various websites. The standard was initially announced back in 2015. It is now supported by W3C’s contributors, which include Apple, Google, Microsoft, Intel, IBM, Mozilla, and others. Dropbox was the first to integrate WebAuthn, followed by Microsoft.
The announcement will further fuel the move towards a password-free Web. Passwords are vulnerable and have to be paired with multiple levels of authentication for added security. In an official statement, W3C and FIDO Alliance said, “It’s common knowledge that passwords have outlived their efficacy. Not only are stolen, weak, or default passwords behind 81 percent of data breaches, they are a drain of time and resources.”
WebAuthn is a core part of FIDO Alliance’s FIDO2 specifications. It is a standard that aims to offer an alternative to conventional forms of authentication in various ways. FIDO2 looks to address security, convenience, privacy, and scalability.
WebAuthn, short for Web Authentication, is a browser and platform standard for simpler and stronger authentication processes, according to W3C and the FIDO Alliance. It lets users log in to their online accounts using their preferred device, biometrics or FIDO security keys. WebAuthn will allow users to log into websites using their biometrics, mobiles, or FIDO security keys. The standard is also supported by Android and Windows 10. Web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox have already added support for WebAuthn while Apple’s Safari is currently supporting it in preview versions.
FIDO2’s login details are unique across each website while users’ biometrics never leave their devices and aren’t even stored on a server. As for convenience, users are able to easily login using simple fingerprint readers, physical security keys or their mobile devices. FIDO keys are unique for each website, therefore it takes care of a user’s privacy since it can’t be used to track them.
The Road Ahead
Google in February said Android is FIDO2-certified, which means devices can use fingerprints and security keys for logging in to accounts instead of passwords. The change affects those running Android 7 and up, half of all Android users. That is approximately billion of devices.
With WebAuthn becoming an open standard, a lot of Web services are expected to jump in and embrace it. The standard promises much higher security compared to using passwords alone. With the recent announcement, it will further fuel the move towards a password-free Web. Passwords are becoming less popular and is vulnerable — and also they have to be paired with multiple levels of authentication for added security.
The cyber world will expect to see a lot of web services implementing WebAuthn in the coming years, making lives easier for millions of users.