Huh, passwords! Don’t you hate them? I know you are supposed to love them as they keep you safe and ensure you keep your private things ‘private.’ What if you could be assured of the same level of privacy and security without you ever having to deal with passwords? Password-free login is the dream of many end users.
Industry stakeholders ranging from security researchers and privacy advocates have been working around the clock to end reliance on the multi-character passwords. You know, the upper case, lower case, space, numbers, and characters text string combination used in coming up with a ‘strong password.’ Then you are required to remember it in your head; well these days you really don’t have to, thanks to password managers.
The best password-free logins have been the use of biometric verification and behavioral data in proving the user’s identity. None of these attempts have effectively taken us to the ‘promised land of Canaan.’
A new web standard WebAuthn, promise password-free logins
There is a new web standards security researchers have been working on for some time now, which could make password-free logins a reality. Their research has achieved a milestone step towards making secure authentication and “probably the most effective anti-phishing measure for the web that’s out there,” says Selena Deckelmann, a senior director of engineering at Mozilla Firefox.
WebAuthn sets new rules for the web, that should it be integrated into the mainstream browsers and most websites, users could use a single device or one fingerprint swipe to log in to every account online.
Can WebAuthn overcome the hurdles other attempts to Password-Free logins attempts failed?
WebAuthn is not the first attempt to do away with passwords; there have been numerous attempts before it, most of which did not go very far with regards to satisfying security experts that they’re foolproof.
WebAuthn has also fallen into the same trap, and already some security and identity experts seem skeptical about giving it the green light. The main problem comes down to whether big websites such as Facebook, Google, and Amazon will adopt its new standards.
What are the new authentication standards?
The WebAuthn standard uses the joint effort of World Wide Web Consortium (WC3) and the FIDO Alliance. The FIDO Alliance refers to a consortium of tech and finance companies chaired by online identity experts; ‘FIDO stands for Fast Identity Online.’
WebAuthn is built on the two pre-existing FIDO specifications – the UAF and the U2F – both of which form the framework for 2FA (two-factor authentication) that some websites are already using.
The 2FA login process has proven to be a foolproof way of authenticating the user compared to just asking for the password. While all non-password authentication is referred to as secondary logging in option. WebAuthn wants the browsers to handle the sign-ins natively. Tech companies like Microsoft, Google, and Mozilla have already jump on board this mission, that’s a great boost for WebAuthn bid to become mainstream log in option.
Should WebAuthn get the green light from all the stakeholder and it becomes the standard authentication tool for all your online accounts. You could only need to plug in a physical dongle to your computer and access all your accounts online, or you could use the biometric fingerprint scanner to log in.
Although the very initial login will require you enter passwords; and perhaps a second authentication. From there onwards, all your online accounts will be handled by your browser.