The World Wide Web Consortium (W3C) and Fast Identity Online Alliance (FIDO Alliance) have distributed a press release announcing a major standards milestone regarding the implementation of a web-based standard API that can be utilized to securely log users into web sites and services without the use of a password. This API is called Web Authentication, or WebAuthn, for short.
The joint press release highlights that the deployment and adoption of Web Authentication will offer users protection from dangers such as "phishing, man-in-the-middle attacks and the abuse of stolen credentials" by utilizing security measures such as biometrics (fingerprints and facial scanning) and local authentication via Bluetooth, Near-Field Communication, and USB.
Presently, Web Authentication is supported in Mozilla Firefox's latest version, with support in Google Chrome and Microsoft Edge forthcoming. Apple's Safari web browser has yet to announce support for Web Authentication, but experts from the company are a part of the W3C's working group for the standard.
Though this does not mean an immediate or even a near-future end of passwords, this is one of the first tangible steps towards an Internet standard being implemented for a future protected by more secure instruments, such as biometric scanning and hardware tokens. These tools will make it much, much harder for conventional phishing attacks and malicious actors to gain access to users' private information.
The press release includes the following major project benefits:
Simpler authentication: users simply log in with a single gesture using:
Stronger authentication: FIDO Authentication is much stronger than relying only on passwords and related forms of authentication, and has these advantages: