The FIDO Alliance and the World Wide Web Consortium (W3C) have announced the launch of Web Authentication (WebAuthn), a password-free browser that has the stamp of approval of Google, Microsoft and Mozilla.
WebAuthn defines a standard web API that can be incorporated into browsers and related web platform infrastructure so that users can securely authenticate on the web, in the browser and across sites and devices. There is no need to waste time entering in user names and passwords.
“With the new FIDO2 specifications and leading web browser support announced today, we are taking a big step forward towards making FIDO Authentication ubiquitous across all platforms and devices,” said Brett McDowell, executive director of the FIDO Alliance. “After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications.”
Google, Mozilla and Microsoft are all incorporating the final version of WebAuthn.
“Providing a password alternative that works across devices, apps, browsers, and websites delivers on our commitment to a future without passwords,” said Dave Bossio, Group Program Manager, Operating System Security, Microsoft. “We are excited to announce that we will add support for WebAuthn API, currently in the approval process stage, and W3C, in Microsoft Edge thanks to our work with the FIDO Alliance.”
The technology is also designed to eliminate the risks that come with entering in a password — including phishing, man-in-the-middle attacks and stolen credentials — through strong authentication that works through the browser or via an external authenticator. For example, if a user is working from a laptop and visits a website that needs a login, with WebAuthn, the user is sent a prompt to check his phone. After tapping the prompt on the phone, the user is then logged in without ever having to enter in a user name or password.
“Security on the web has long been a problem which has interfered with the many positive contributions the web makes to society. While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions, we are eliminating this weak link,” stated W3C CEO Jeff Jaffe. “WebAuthn will change the way that people access the web.”