The web just got an official password-free login standard
Web Authentication (aka WebAuthn) has been a de facto standard for no-password web sign-ins for a while given that many tech giants are already using it, but now it’s official. The World Wide Web Consortium and the FIDO Alliance have finalized the Web Authentication format, making it the go-to option for logging into accounts with potentially greater security and convenience than typing in your credentials. If a site supports it, you can get in using biometrics (such as fingerprints or facial recognition), USB security keys, or nearby mobile devices like phones and smartwatches.
The technology links unique encrypted login details to each website, reducing the risks of phishing, keystroke logging and other attacks that watch for your input. It’s also theoretically more private when those same unique site credentials prevent across-the-web tracking.
You don’t really have to wait for the software you use to support Web Authentication. It’s already supported on a system level in Android, Chrome OS and Windows 10 as well as most common browsers, including Chrome, Edge, Firefox and Safari. The greater challenge is convincing the sites themselves to use this method — there are many, many web pages, and not all of them will be in a rush to ditch passwords. An official standard could still boost adoption, though, if just by reassuring site operators that Web Authentication won’t vanish overnight.
(30)