Online Passwords Are Going Away Thanks to FIDO Alliance and W3C

Think passwords fall short in an increasingly information-sensitive world of data theft and keylogging? The FIDO Alliance and the World Wide Web Consortium (W3C) think so too, and they have approved a new authentication protocol that can change the way you log in to popular sites.

Called WebAuthn, the new method will instead require an external device, such as a security key or a nearby mobile phone, to access your accounts.

No Phishing

Using WebAuthn, users would get a prompt on their mobile phones when attempting to log in to a site. The prompt will only be generated when required. This will eliminate phishing attacks or man-in-the-middle problems. Meanwhile, developers can already start building services that use the new authentication method.
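An added example (not from the original article) of the server-side check behind WebAuthn's phishing resistance: the browser records the requesting origin in clientDataJSON, and the site rejects a login whose origin or challenge does not match what it expects. The origin `https://login.example.com`, the challenge value and the function names are assumptions made for illustration.

```javascript
// Relying-party check of WebAuthn clientDataJSON for a login (assertion).
// Signature verification over authenticatorData || SHA-256(clientDataJSON)
// is a separate step and is not shown here.
const EXPECTED_ORIGIN = "https://login.example.com"; // assumed site origin

// Build the bytes a browser would send (constructed sample, not a capture).
function sampleClientData(origin, challenge, type = "webauthn.get") {
  return Buffer.from(JSON.stringify({ type, challenge, origin }), "utf8");
}

// Returns { ok: true } or { ok: false, reason }.
function verifyClientData(clientDataBytes, issuedChallenge, expectedOrigin) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataBytes).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get") {
    return { ok: false, reason: "wrong ceremony type" };
  }
  // Must equal the single-use challenge this server issued for the session,
  // which stops a recorded response from being replayed.
  if (data.challenge !== issuedChallenge) {
    return { ok: false, reason: "challenge mismatch" };
  }
  // The browser, not the page script, fills in the origin, so a look-alike
  // site relaying the login produces a value that fails this comparison.
  if (data.origin !== expectedOrigin) {
    return { ok: false, reason: "origin mismatch" };
  }
  return { ok: true };
}

// Constructed base64url challenge; a real server generates random bytes per login.
const CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ";
const genuine = sampleClientData(EXPECTED_ORIGIN, CHALLENGE);
const lookalike = sampleClientData("https://login.examp1e.com", CHALLENGE);
console.log(verifyClientData(genuine, CHALLENGE, EXPECTED_ORIGIN));
console.log(verifyClientData(lookalike, CHALLENGE, EXPECTED_ORIGIN));
```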


Connectivity will be provided wirelessly via Bluetooth and NFC, or physically if convenient via USB for a hardware USB key. It’ll also make the use of biometrics, facial recognition, and other methods a much more practical solution to security problems in day-to-day usage.

Rallying Support

The new protocol already has the major web browser makers on board, including Google with Chrome 67, Microsoft with Edge and Mozilla with Firefox 60. This means it has a much better chance of success than its predecessor, the Universal Authentication Factor (UAF), which didn’t really take off. Apple is part of the working group behind WebAuthn, though it hasn’t explicitly stated support in Safari.

WebAuthn is currently in the Candidate Recommendation stage, meaning it’s just one step away from general availability. Yubico has already launched a new USB-based hardware key with support for the new FIDO2 and WebAuthn standards. It can be bought at the company’s store for $20.

Via TechCrunch

  • bilal

    Google is already using a phone unlock mechanism, and it seems similar to this