We have been using Passwords to secure our online accounts for a long period of time. However, passwords can sometimes be challenging if the service is hacked and the information leaked, or the people generating these passwords create weak ones.
In spite of the obvious weaknesses of the passwords and it being a standard, for a long time, we’ve been patiently waiting for another structure that could do away with it completely, and it seems there’s one in the process.
The World Wide Web Consortium (W3C) and FIDO Alliance (Fast IDentity Online) have finished a new Web Authentication system that is geared to securely authenticate cross sites and devices.’
“The Web Authentication API (Web Authn API) uses asymmetric (public key) cryptography instead of passwords or SMS texts for registering, authentication and second factor authentication with websites,” they said.
Reason why this is very important is that this new system will solve issues that we saw with the current password systems which include phishing, data breaches and attacks on second factor authentication systems.
Using this new Web Authn API, users will be able to login using a single gesture using internal/ built in authenticators (fingerprint or facial biometrics) in PCs and phones or external authenticators like security keys and mobile devices.
Apparently this system is better since user credentials and biometric templates never leave the user’s device and stored on servers and accounts are protected from phishing.
This technology is being tested on Firefox under ‘experimental technology’ but you will see it being supported on other browsers since Google and Microsoft have committed in supporting this new standard. Apple is conspicuously missing from this list