Passwords have been with us for a long time and they are the de facto way for us to secure our online accounts. However, passwords can be problematic if the service is hacked and the information leaked, or the people creating these passwords create weak ones.
Despite the obvious weaknesses of the passwords and it being a standard, we’ve been waiting for another system that could do away with it entirely, and it seems we have one in the works.
The World Wide Web Consortium (W3C) and FIDO Alliance (Fast IDentity Online) completed a new Web Authentication system that is geared to securely authenticate cross sites and devices.’ “The Web Authentication API (Web Authn API) uses asymmetric (public key) cryptography instead of passwords or SMS texts for registering, authentication and second factor authentication with websites,” they said.
Why is this important? Well this new system will solve issues that we saw with the current password systems which include phishing, data breaches and attacks on second factor authentication systems.
Using this new Web Authn API, users will be able to login using a single gesture using internal/ built in authenticators (fingerprint or facial biometrics) in PCs and phones or external authenticators like security keys and mobile devices.
Apparently this system is better since user credentials and biometric templates never leave the user’s device and stored on servers and accounts are protected from phishing.
This technology is being tested on Firefox under ‘experimental technology’ but you will see it being supported on other browsers since Google and Microsoft have committed in supporting this new standard. Apple is conspicuously missing from this list