Remembering passwords is no doubt a hectic task. Nowadays we keep registering us on various websites and feeding our brain with new passwords every day, but it’s certainly not possible for our brain to remember all of them.
W3C: WebAuthn is now been approved as an official web standard. It’s time to say goodbye to passwords and start using this web authentication. It allows you to log into your internet accounts without using passwords. Instead, you can simply log in using fingerprint, USB security keys or devices like smartphones or watches.
The World Wide Web Consortium (W3C) and the FIDO Alliance announced the finalization of W3C: WebAuthn for a secure and passwordless Internet. “This advancement is a major step forward in making the web more secure and usable for users around the world,” said W3C in its press release.
The new standard will not only improve security but also allow users to log in more easily, quickly and securely. The new WebAuthn is already supported by Android, Windows 10, Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) Web browsers. The W3C also recommends websites to adopt the new Web Authentication standard as soon as possible.
According to Jeff Jaffe, W3C CEO, “Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences.” He also added, “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
It’s a fact that stolen, weak or default passwords are the reasons behind almost 81% of data breaches. Though the common methods like One-Time-Password (OTP) and Multi-Factor Authentication (MFA) adds another layer of security, they are still vulnerable to phishing attacks. As per W3C, the WebAuthn will eradicate many problems related to old authentication methods.
Talking about the other thing, FIDO keys are a way better than passwords and solves all the issues with traditional authentication such as:
- Security: FIDO2 cryptographic login credentials are unique across every website. So, there’s no risk of phishing, password theft or a replay attack. The biometric data never goes outside the user’s device nor stored on a server.
- Convenience: It makes the entire process of login super easy and convenient with fingerprint readers, cameras, FIDO security keys, smartphones or watches.
- Privacy: As FIDO keys are always unique, they can’t be used to track your or your browsing habits on the Internet.
- Scalability: FIDO2 is scalable too. You just need to make a simple API call to activate FIDO2. It’s supported by almost every browser and billions of devices.
The W3C and FIDO are definitely taking a big step towards achieving passwordless logins on websites. According to Brett McDowell, Executive Director of FIDO Alliance,
Web Authentication as an official web standard is the pinnacle of many years of industry collaboration to develop a feasible solution for stronger authentication on the web.
We hope a large number of websites and web services will adopt WebAuthn and make the Internet more secure.