Yesterday, the W3C and FIDO alliance approved using WebAuthn as an official web standard, eliminating password-based logins. WebAuthn or Web Authentication was first introduced in November 2015 as a way of replacing passwords for securing online accounts. It is now already supported by most browsers, including Chrome, Firefox, Edge, and Safari as well as in Android and Windows 10.
WebAuthn allows users to log into their internet accounts using biometrics, mobile devices, and/or FIDO security keys which offer higher security over passwords alone.
WebAuthn is an important component of the FIDO Alliance’s FIDO2 set of specifications. FIDO2 is a standard that supports public key cryptography and multifactor authentication. Per the official press release, FIDO2 attempts to address traditional authentication issues in four ways:
- Security: FIDO2 cryptographic login credentials are unique across every website; biometrics or other secrets like passwords never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft, and replay attacks.
- Convenience: Users log in with simple methods such as fingerprint readers, cameras, FIDO security keys, or their personal mobile device.
- Privacy: Because FIDO keys are unique for each internet site, they cannot be used to track users across sites.
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $15.99/month. Cancel anytime
- Scalability: Websites can enable FIDO2 via an API call across all supported browsers and platforms on billions of devices consumers use every day.
“Web Authentication as an official web standard is the pinnacle of many years of industry collaboration to develop a practical solution for stronger authentication on the web,” said Brett McDowell, executive director of the FIDO Alliance in a statement. “With this milestone, we're moving into a new era of ubiquitous, hardware-backed FIDO Authentication protection for everyone using the internet.”
WebAuthn is already implemented on sites such as Dropbox, Facebook, GitHub, Salesforce, Stripe, and Twitter. With it becoming the official standard, it is expected to have other sites use it leading to more password-free logins across the web.
Announcing W3C Publishing Working Group’s updated scope and goals
Microsoft Edge introduces Web Authentication for passwordless web security
It’s a win for Web accessibility as courts can now order companies to make their sites WCAG 2.0 compliant.
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
South Africa
Thailand
Ukraine
Switzerland
Slovakia
Luxembourg
Hungary
Romania
Denmark
Ireland
Estonia
Belgium
Italy
Finland
Cyprus
Lithuania
Latvia
Malta
Netherlands
Portugal
Slovenia
Sweden
Argentina
Colombia
Ecuador
Indonesia
Mexico
New Zealand
Norway
South Korea
Taiwan
Turkey
Czechia
Austria
Greece
Isle of Man
Bulgaria
Japan
Philippines
Poland
Singapore
Egypt
Chile
Malaysia
