Goodbye Password, you will be forgotten.
Fun fact: Users spend nearly 11 hours entering or changing passwords. Well, that number is about to go down thanks to a new initiative called WebAuthn.
The World Wide Web Consortium (W3C) and the FIDO Alliance announced a new web standard this week that will allow you to use your fingerprint or mobile device for a hassle-free login pretty much anywhere.
What is WebAuthn?
At its core, WebAuthn is an API that allows websites to communicate with a security device (ranging from FIDO security keys and mobile devices to a built-in or external biometric device).
It is not a new concept. WebAuthn has been in existence since 2015 and has been widely adopted by many major browsers like Chrome, Firefox, Edge and Safari and already has built-in support in operating systems such as Android and Windows. Despite this, it wasn't a web standard up until now.
What is W3C and FIDO?
The World Wide Web Consortium (W3C) is an international organization made up of several hundred member organizations from a variety of related IT industries committed to improving the web.
FIDO (Fast ID Online) is a set of technology-agnostic security specifications for strong authentication. FIDO is developed by the FIDO Alliance, a non-profit organization that seeks to standardize authentication at the client and protocol layers.
How does WebAuthn login differ from password-based login?
Traditional password-based login requires a user to enter a set of credentials (usually a username/email and a password). This means that for every website or service that you register for, you need a new set of credentials. Let's not forget the add-on task of memorising all those passwords or using a cumbersome password manager.
WebAuthn solves this problem by eliminating the requirement of passwords, providing a hassle-free user authentication system. Instead of a password, it uses a FIDO device, mobile devices, inbuilt sensors and external systems.
The W3C urges websites to adopt the new standard as a way to allow users to log in more easily, quickly, and securely.
Jeff Jaffe, W3C CEO, said:
“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences (...). W3C's Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
Advantages of WebAuthn over password-based login:
- No more phishing attacks or password theft.
- Forget about "forgot password?".
- Credentials are unique for every website.
- The encrypted password never leaves the user's device.
- One device for a hassle-free login anywhere.
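The phishing resistance and per-website credentials listed above rest on context checks that the website's server runs on every WebAuthn login response. The sketch below is an added example, not code from the original article or from W3C/FIDO; the function names, sample origins and challenge are constructed, and verification of the authenticator's signature is left out.

```javascript
const { createHash } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s).digest();

// Check the context that the browser and authenticator bound into a login response.
function verifyAssertionContext(response, expected) {
  const clientData = JSON.parse(response.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") return { ok: false, reason: "wrong type" };
  // The challenge is single-use, so an old response cannot be replayed.
  if (clientData.challenge !== expected.challenge) return { ok: false, reason: "challenge mismatch" };
  // The browser, not the page, fills in the origin, so a look-alike site cannot forge it.
  if (clientData.origin !== expected.origin) return { ok: false, reason: "origin mismatch" };

  const authData = response.authenticatorData;
  // Layout: 32-byte RP ID hash, 1 flags byte, 4-byte signature counter.
  if (authData.length < 37) return { ok: false, reason: "authenticator data too short" };
  // The credential is scoped to one RP ID; its hash must match this site.
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) return { ok: false, reason: "rpId mismatch" };
  // Flags bit 0 is "User Present": someone touched or unlocked the device.
  if ((authData[32] & 0x01) === 0) return { ok: false, reason: "user not present" };
  return { ok: true, reason: "context verified" };
}

// Constructed sample responses (hypothetical helper, not a real authenticator).
function makeResponse(origin, rpId, challenge, flags = 0x01) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags]), Buffer.alloc(4)]);
  return { clientDataJSON, authenticatorData };
}

// What the server stored when it issued the login challenge (constructed values).
const expected = {
  origin: "https://login.example",
  rpId: "login.example",
  challenge: "Y29uc3RydWN0ZWQtY2hhbGxlbmdl",
};

const samples = {
  genuine: makeResponse(expected.origin, expected.rpId, expected.challenge),
  lookalike: makeResponse("https://login-example.test", "login-example.test", expected.challenge),
  replayed: makeResponse(expected.origin, expected.rpId, "b2xkLWNoYWxsZW5nZQ"),
  otherSite: makeResponse(expected.origin, "other.example", expected.challenge),
  noUser: makeResponse(expected.origin, expected.rpId, expected.challenge, 0x00),
};

for (const [name, response] of Object.entries(samples)) {
  console.log(name, verifyAssertionContext(response, expected));
}
```

A production server would follow these checks with verification of the signature over the authenticator data and the client data hash, using the public key stored at registration.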
As the internet turns 30, we have come far from where it started. It has grown from a select few users to a 3.9 billion user base, and the risks associated have grown accordingly. Stolen, weak and default passwords are behind 81 percent of data breaches.
The standardization of WebAuthn is a paradigm shift towards safer and more secure web browsing. The next step is for websites to integrate the standard.
The password isn’t on its last legs just yet, but after today’s announcement, WebAuthn is one step closer to being a viable alternative.