Tired of using passwords and the insecurity they usually offer? In an era of data breaches and dumps, it has become crucial to shift to a new paradigm that doesn't depend on passwords for using internet services. To offer stronger authentication all over the web, the FIDO Alliance and the World Wide Web Consortium (W3C) are launching a new standard called Web Authentication -WebAuthn.
WebAuthn enables online service providers to offer FIDO Authentication through web browsers. Several top companies, including the makers of Chrome, Edge, and Firefox have promised to support this new Web Authentication API that offers better protection against phishing. Since WebAuthn uses unique encrypted credentials for each site, it reduces the chances of phishing and hacks as the same password cannot be used on multiple sites.
How will WebAuthn work
Instead of entering passwords, WebAuthn allows users to sign in using a fingerprint, retina scan, other biometric data stored in a smartphone, and even using a hardware key plugged into your laptop or a dedicated app. While it is already available to users, browser makers' support will bring a major breakthrough, pushing for a password-free internet.
Earlier today, a number of tech companies including Google and Microsoft promised to soon bring FIDO2 authenticators offering users a more secure way of using the internet. Chrome 67 and Firefox 60 will bring the WebAuthn API enabled by default when they reach stable channels. Microsoft also plans to soon add support for WebAuthn in Edge. While iOS already supports the ability to use FIDO-certified authentication tools, Safari is also expected to soon bring the API, however, Apple hasn't officially confirmed it.
"With the new FIDO2 specifications and leading web browser support announced today, we are taking a big step forward towards making FIDO Authentication ubiquitous across all platforms and devices," says Brett McDowell, executive director of the FIDO Alliance. "After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications."