The world wide web just took another step towards a password free future. The World Wide Web Consortium (W3C) and FIDO Alliance have approved the WebAuthn authentication standard for password free logins for online accounts. WebAuthn, which is short for Web Authentication, will give users the option to sign in with biometrics, mobile devices or authentication keys that support the FIDO (Fast ID Online) standard.
WebAuthn is already supported by web browsers including Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari. Software platforms such as the Microsoft Windows 10 and Google Android also support WebAuthn. “Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,” says Jeff Jaffe, CEO, W3C.
“Our work with W3C and FIDO Alliance, and contributions to FIDO2 standards have been a critical piece of Microsoft’s commitment to a world without passwords, which started in 2015. Today, Windows 10 with Microsoft Edge fully supports the WebAuthn standard and millions of users can log in to their Microsoft account without using a password,” says Alex Simons, Corporate Vice President, Program Management, Microsoft Identity Division.
The way this works is that supported websites will let you log in to your account using fingerprints, facial recognition, USB keys connected to the computing device or even your smartphone or smartwatch. The standard is designed to link your credentials to your online account, paired with the authentication method of your choice. This reduces the risk of someone skimming your password with a malware or phishing attack, keystroke logging or a pure and simple hack into your system’s data.
This by no means suggests that the end of passwords is here, but now that this new standard has been finalized, we could see even more websites and online services adopt this new technology, which could simply make the world wide web a much safer place.