With the unified opinion that passwords are increasingly insecure, Chrome, Firefox and Edge browsers are following in the footsteps of Yahoo to get rid of them entirely. This is thanks to the WebAuthn open standard which is already supported on Firefox, and is soon to make it over to Chrome and Edge in the coming months.
WebAuthn has been around for quite some time, however developers the World Wide Web Consortium (W3C) and FIDO Alliance have finally been able to progress on the technology thanks to the reveal of FIDO2’s security specifications.
The technology is intended to facilitate better implementation of the new FIDO2 protocol, helping to forgo passwords in favour of biometrics and hardware-based authentication such as USB tokens. Given its open-source nature, it means that this technology will be able to spread much easier than proprietary methods introduced in the past.
“Previously, the work to support tokens was happening among big companies like Google, Microsoft and Facebook, which would implement their own drivers,” says Selena Deckelmann, who worked on Firefox’s implementation. “With WebAuthn, you’ll be able to use commonly available libraries.”
Despite being available in Firefox and soon both Chrome and Edge, Apple has still yet to voice its support for the WebAuthn API within its Safari browser. The company is a part of the alliance working on the new security standard, however, so it might just be late to the party.
Overall, WebAuthn won’t necessarily replace all passwords immediately, instead acting as a step in two-factor authentication in some cases as ridding the de facto login methods will prove a task in its own right. Either way, phishing attacks and password leaks are about to get a lot less detrimental.
Discuss on our Facebook page, HERE.
KitGuru Says: We always advise two-factor authentication when available and even password managers to lock access to sensitive information down as tightly as you can. It’s good to see progression on the security front as it does seem like passwords are becoming more and more redundant as time goes on. Will you be making use of USB keys and biometric security?