Could this be it? Have passwords finally gone the way of the dodo? This might be the case, according to the World Wide Web Consortium (W3C). Their solution? WebAuthn, or Web Authentication, which is a standard that allows users to verify their identity more securely than with a password. W3C CEO Jeff Jaffe said in a statement, “While there are many Web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multifactor solutions, we are eliminating this link.” Let’s take a look at specifically what WebAuthn is and how it will replace passwords:
What it is
In place of passwords, this credential management API will be adopted by and built into web browsers and mobile operating systems (OS). In fact, Mozilla, Microsoft, and Google have already confirmed their support for WebAuthn for use in their browsers. Furthermore, Mac, Windows, Linux, Android, and Chrome OS have already started to implement this standard as well.
How it works
WebAuthn aims to do away with passwords all together. Passwords can easily be guessed, as he information within them is usually important and significant to the user, unless it is a randomly generated password. Instead, WebAuthn will use an outside authenticator like a smartphone, a hardware security module (HSM) or a trusted platform module (TPM). Basically, WebAuthn uses cryptographic logic, which means stronger authentication sources. These sources can even include biometrics, similar to Apple’s Face ID or Touch ID. If you’ve ever logged into iCloud.com on a desktop, you have to authenticate your login attempt on either your smartphone or email by typing in a code sent to the specified location. This is called Two-Factor Authentication and it already exists, obviously, but WebAuthn will work very similarly, and the aim is for it to be standard across all platforms.
While this news may be exciting for those of us who are tired of memorizing passwords, it will take at least another year before this technology appears on platforms. This is because it is still being developed and they’re working out the kinks and trying to debug the system. In the meantime, keep up with our blog as we provide you with information about new and developing technologies. For information about computer security, contact M&H Consulting by phone at 1-(866)-964-8324 or visit our website at http://www.mhconsults.com.
Categorised in: computer, hacking, in the news, Password, Security