EMERGING TECH
EMERGING TECH
EMERGING TECH
WebAuthn password-free login standard starts rolling out to major browsers
Two of the key bodies overseeing the Internet’s evolution today reached a major milestone in their effort to provide an alternative to password-based security.
The FIDO Alliance and W3C, the main group developing technical standards for the web, this morning announced that a piece of technology called WebAuthn has achieved the Candidate Recommendation stage. This means that it’s ready to start rolling out to consumers in the form of browser integration.
The Mozilla Foundation, the nonprofit organization behind Firefox, is the first major player to add support for WebAuthn, which enables users to log into online services without a password. Instead, consumers can use their mobile device or a specialized security key such as the kind sold by Yubico AB. Google LLC and Microsoft Corp. plan to roll out the technology for their respective browsers in coming months.
Apple Inc. has not yet shared whether it plans to do the same with Safari. But the iPhone maker will likely add support for WebAuthn sooner or later, given that several of its engineers took part in the creation of the standard.
The move to advance the technology to the Candidate Recommendation stage, one of the last stops before final approval, follows two years of development work by Apple, Google, Microsoft and several other major tech firms. The National Institute of Standards and Technology contributed to the effort as well.
The broad participation in the project reflects just how important of a purpose WebAuthn aims to serve. Reducing consumers’ reliance on passwords could help mitigate the threat posed by hacking tactics such as phishing, which involves tricking people into sharing their login credentials.
Requiring a physical device instead of a password to sign into an account effectively means an attacker is left with nothing to steal. For the same reason, WebAuthn should also be effective against man-in-the-middle and session rewind attacks that intercept login data sent over insecure connections.
Currently, only a few tech firms let users sign into their services using a physical authentication device. The FIDO Alliance and W3C hope that the addition of WebAuthn support to major browsers will make it easier for developers to implement the approach, thus widening adoption. But there’s likely still a long way to go before consumers can replace passwords with hardware-based authentication as their go-to login method.
Image: Unsplash
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
