Think that passwords fall short in this increasingly information-sensitive world of data theft and keylogging? Thankfully, the FIDO Alliance and the World Wide Web Consortium (W3C) think so too, and they have approved a new authentication protocol that could change the way you log in to popular sites.
Called WebAuthn, the new method will instead require an external device such as a security key or a mobile phone nearby to access your accounts.
Using WebAuthn, users would get a prompt on their mobile phones when attempting to log in to a site. The prompt will only be generated when required. This will eliminate phishing attacks and man-in-the-middle problems. Meanwhile, developers can already start developing services that use this authentication method.
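The phishing resistance described above rests on the browser recording the page's origin in the login response that the authenticator signs. The following is an added example, not code from the original article or from the FIDO Alliance or W3C, showing the server-side check of that data; the origins, the challenge bytes and the helper names are constructed assumptions.

```javascript
// Added example: server-side checks on the clientDataJSON of a WebAuthn login.
// The browser, not the page, fills in `origin`, so a look-alike site cannot
// claim the real one. Verifying the authenticator's signature over this data
// with the registered public key is a separate step and is not shown here.
const EXPECTED_ORIGIN = "https://login.example.com"; // assumed site origin
// Constructed challenge; a real server generates fresh random bytes per login.
const CHALLENGE = Buffer.from("constructed-challenge-0001");

// Sample-input helper: builds the bytes a browser would return for an origin.
function makeClientData(origin, challenge, type = "webauthn.get") {
  const encoded = Buffer.from(challenge).toString("base64url");
  return Buffer.from(JSON.stringify({ type, challenge: encoded, origin }), "utf8");
}

// Returns { ok, reason }; rejects on the first field that does not match.
function checkClientData(clientDataJSON, expectedChallenge, expectedType) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== expectedType) return { ok: false, reason: "type mismatch" };
  // The challenge ties the response to this login attempt (no replay).
  const want = Buffer.from(expectedChallenge).toString("base64url");
  if (data.challenge !== want) return { ok: false, reason: "challenge mismatch" };
  // The origin ties the response to this site (no relay from another domain).
  if (data.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin mismatch" };
  return { ok: true, reason: "ok" };
}

// Runs the check over three constructed responses.
function demo() {
  const stale = Buffer.from("constructed-challenge-0000");
  const check = (origin, ch) =>
    checkClientData(makeClientData(origin, ch), CHALLENGE, "webauthn.get");
  return {
    genuine: check(EXPECTED_ORIGIN, CHALLENGE),
    otherOrigin: check("https://login.example.net", CHALLENGE),
    replayed: check(EXPECTED_ORIGIN, stale),
  };
}

console.log(demo());
```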
Connectivity will be provided wirelessly via Bluetooth and NFC, or physically if convenient via USB for a hardware USB key. It’ll also make the use of biometrics, facial recognition, and other methods a much more practical solution to security problems in day-to-day usage.
The new protocol already has the major web browser makers on board, including Google with its Chrome 67, Microsoft with Edge and Mozilla with Firefox 60. This means it has a much better chance of success than its predecessor, the Universal Authentication Factor (UAF), which didn’t really take off. Apple is part of the working group behind WebAuthn, though it hasn’t explicitly stated support with Safari.
WebAuthn is currently in the Candidate Recommendation stage, meaning it’s just one step away from general availability. Yubico has already launched a new USB-based hardware key with support for the new FIDO2 and WebAuthn standards. It can be bought at the company’s store for $20.