On Wednesday, Mozilla released its Firefox 60 browser, moving a step closer to password-free login for several websites. The browser comes equipped with WebAuthn, a new authentication standard that does away with passwords in order to reduce phishing attacks.
The World Wide Web Consortium (W3C) and FIDO Alliance jointly developed WebAuthn, which has been years in the making. It is a secure login standard that relies on physical authentication devices, such as biometrics and USB tokens, instead of passwords to grant website access. That’s because reliance on passwords has been identified as one of the “weakest links” in web security.
Passwords have been the de facto method of logging in anywhere on the Internet. However, they become a problem when login credentials are re-used on multiple websites. Even when they combine characters, uppercase letters and numbers, passwords often do not provide sufficient security. Through phishing scams, criminals create fake websites to coax login details and personal information out of unsuspecting users.
Tech experts pointed out that passwords will remain relevant and that a post-password future is still far off. Even so, WebAuthn is a nudge towards making sites more secure and more resistant to data breaches and password theft.
Physical authentication keys are nothing new, as numerous tech firms that need tight cybersecurity already have their own drivers in place. This type of authentication is currently implemented on Google and Facebook and allows easy login through a YubiKey token. As open-source code with commonly available libraries, WebAuthn lets other developers implement password-free logins across the web.
Although Mozilla is the first to come out with WebAuthn support, Google and Microsoft will add the function to their updated flagship browsers in the coming months. The move is expected to improve on prior attempts at web authentication. Moreover, WebAuthn is capable of supporting older authentication hardware, so early adopters don't have to go back to square one.