Safety and Security

FIDO And W3C Launch Password-Free Browser

Passwords

The FIDO Alliance and the World Wide Web Consortium (W3C) have announced the launch of Web Authentication (WebAuthn), a password-free browser that has the stamp of approval of Google, Microsoft and Mozilla.

WebAuthn defines a standard web API that can be incorporated into browsers and related web platform infrastructure so that users can securely authenticate on the web, in the browser and across sites and devices. There is no need to waste time entering in user names and passwords.

“With the new FIDO2 specifications and leading web browser support announced today, we are taking a big step forward towards making FIDO Authentication ubiquitous across all platforms and devices,” said Brett McDowell, executive director of the FIDO Alliance. “After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications.”

Google, Mozilla and Microsoft are all incorporating the final version of WebAuthn.

“Providing a password alternative that works across devices, apps, browsers, and websites delivers on our commitment to a future without passwords,” said Dave Bossio, Group Program Manager, Operating System Security, Microsoft. “We are excited to announce that we will add support for WebAuthn API, currently in the approval process stage, and W3C, in Microsoft Edge thanks to our work with the FIDO Alliance.”

The technology is also designed to eliminate the risks that come with entering in a password — including phishing, man-in-the-middle attacks and stolen credentials — through strong authentication that works through the browser or via an external authenticator.  For example, if a user is working from a laptop and visits a website that needs a login, with WebAuthn, the user is sent a prompt to check his phone. After tapping the prompt on the phone, the user is then logged in without ever having to enter in a user name or password.

“Security on the web has long been a problem which has interfered with the many positive contributions the web makes to society. While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions, we are eliminating this weak link,” stated W3C CEO Jeff Jaffe. “WebAuthn will change the way that people access the web.”

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

TRENDING RIGHT NOW