A THING OF THE PASSTWORD?

A THING OF THE PASSTWORD?

Web Authentication should give a great excuse to forget our passwords.

Google, Microsoft, and Mozilla have shown interest in the project.

WebAuthn is a specification to allow browsers to expose hardware authentication devices—USB, Bluetooth, or NFC—to sites on the Web. These hardware devices enable users to prove their identity to sites without requiring usernames and passwords. The spec has been developed as a joint effort between FIDO, an industry body that’s developing secure authentication systems, and W3C, the industry group that oversees development of Web standards.

With WebAuthn-enabled browsers and sites, users can sign in using both integrated biometric hardware (such as the fingerprint and facial-recognition systems that are widely deployed) and external authentication systems such as the popular YubiKey USB hardware. With WebAuthn, no user credentials ever leave the browser and no passwords are used, providing strong protection against phishing, man-in-the-middle attacks, and replay attacks.

This will take some time to implement with hopefully a step in the right direction.

Leave a reply

Your email address will not be published.