International. The World Wide Web Consortium (W3C) has just approved the Web Authentication API, also known as the WebAuthn standard, which is a new way to log in to websites without passwords.
W3C's WebAuthn Recommendation is a browser/platform standard for simpler and stronger authentication. It is already compatible with Windows 10, Android and Google Chrome web browsers, Mozilla Firefox, Microsoft Edge and Apple Safarii (preview). WebAuthn allows users to log into their internet accounts using their preferred device, W3C said.
"Now is the time for web services and businesses to adopt WebAuthn to go beyond vulnerable passwords and help web users improve the security of their online experiences," said Jeff Jaffe, CEO of W3C. "The W3C Recommendation establishes a web-level interoperability guideline, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site."
With FIDO2 and WebAuthn, W3C said, the global tech community has come together to provide a shared solution to the shared password problem. FIDO2 addresses all traditional authentication issues:
- Security: FIDO2 cryptographic login credentials are unique across websites, biometric data or other secrets, such as passwords, never leave the user's device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft, and repeat attacks.
- Convenience: Users log in with simple methods, such as fingerprint readers, cameras, FIDO security keys, or their personal mobile devices.
- Privacy: Because FIDO cryptographic keys are unique to each Internet site, they cannot be used to track users across all sites.
- Scalability: Websites can enable FIDO2 through a simple API call across all supported browsers and platforms on billions of devices that consumers use every day.
"The web authentication component of FIDO2 is now an official W3C web standard, a major achievement that represents many years of collaboration in the industry to develop a practical solution for phishing-resistant authentication on the web," said Brett McDowell, executive director of FIDO Alliance. "With this milestone, we are moving into the next phase of our shared mission to deliver simpler and stronger authentication for everyone who uses the internet today and for years to come."
Leave your comment