Web Authentication API (WebAuthn) has been declared as the Web standard by World Wide Consortium (W3C). This standard will let the user login to a website without entering his password. WebAuthn will now allow the user to log-in to the websites by using their biometrics (fingerprint), smartphones or FIDO security keys.
The web standard was first announced in 2015 but now it has the support of W3C’s contributors, which has big technology names in it like Apple, Google, Microsoft, Intel, Mozilla, IBM etc. Dropbox, the online file storing platform became the first to integrate the WebAuthn on its platform in 2018 and was followed by Microsoft.
The standard is also supported by Operating Systems (OS) like Android and Windows 10 and web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge. Now that WebAuthn has become an open standard, more web services and platforms will get it and utilize it to make their own platform digitally more secure as the standard gives a much better security than using just the passwords.
Passwords of any type are extremely personal and if it falls in the wrong hands then a lot can be lost. They are vulnerable and have to be paired with multiple layer of authentication for added security. The latest announcement of declaring the WebAuthn as the web standard has made it possible for a password-free web. Now the users won’t have to enter their passwords every time they visit a specific website.
With the new standard, surfing the internet will be more secure than before. Earlier, Google too had launched an in-built security feature in the Google Chrome which lets the user browse the internet more securely.
— The FIDO Alliance (@FIDOAlliance) March 4, 2019
Speaking on the new development, W3C and FIDO Alliance said, “It’s common knowledge that passwords have outlived their efficacy. Not only are stolen, weak, or default passwords behind 81% of data breaches, they are a drain of time and resources.”
WebAuthn is the central part of FIDO Alliance’s FIDO2 specifications as it is a standard which lets the user use methods other than usual password authentication. The new standard will look at security, scalability, privacy along with convenience of the user. FIDO2’s login details would be unique across each website logins and the users’ biometrics details will never leave their devices and won’t be stored on a server. In simpler terms, the user will have the option to login using their fingerprints, FIDO physical security keys or mobile devices. FIDO’s keys are different and unique for every website so it can’t be used to track the user.