The World Wide Web Consortium (W3C) has just approved a new web standard for logins, termed WebAuthn, which primarily aims to replace using passwords as a way of securing your online accounts. WebAuthn is already a part of many browsers, including Chrome, Firefox, Edge, and Safari. However, with WebAuthn now an official web standard, this would pave way for its wider adoption, including individual websites.
WebAuthn (short for Web Authentication) “is a browser and platform standard for simpler and stronger authentication processes,” according to W3C and the FIDO Alliance. With the WebAuthn API, websites will communicate with a security device before letting a user log into their service. The security device it seeks can be anything from a simple FIDO security key that can be plugged into a USB port to a complex biometric device used for multi-factor authentication. The point to note is – WebAuthn is simpler, yet more secure than the weak (and mostly same) passwords people often use for different websites.
"It's common knowledge that passwords have outlived their efficacy," the organizations wrote in a press release. "Not only are stolen, weak or default passwords behind 81 percent of data breaches, but they are also a drain of time and resources." It also said that multi-factor authentication solutions like OTPs (one-time passwords) “may add an additional level of security, but there’s still no guarantee… they aren’t simple to use and suffer from low opt-in rates.”
On the other hand, “WebAuthn’s security and privacy protections, built-in phishing resistance and ease-of-use give it the potential to drive widespread adoption across the enterprise and consumer markets, making everyone safer as a result,” said Duo Security senior R&D engineer James Barclay.