New Web format seeks to make your passwords obsolete
It looks like soon users will be able to use iPhone-like FaceID authentication to log into websites. According to a new web standard, the password-free login will allow users to log in to their accounts without touching the keyboard.
Launched by the Fido Alliance and W3C, the new Web authentication standard is encrypted and can replace passwords as well as come as an additional security layer over the existing techniques like fingerprint readers, cameras and USB keys.
An abstract from the W3C website states that “This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given Relying Party, are created and stored on an authenticator by the user agent in conjunction with the web application.”
The first to adopt this tech is Mozilla Firefox while Google Chrome and Microsoft Edge are said to be working on it and are likely to support it ‘in next few months’. Opera browser is also said to support this login standard. However, there is so far no word yet on Apple’s Safari adopting the new Web authentication login process.
The W3C website adds that on phone then a user signs into a website, the phone will then prompt if they want to “register this device with example.com?” On agreeing to this, the phone will ask users for a previously configured authorization gesture (PIN, biometric, etc.).
Once authorized, the website will show the message “Registration complete.”
On desktop, the website will ask users to perform the same steps from their handsets.
To make this a reality, not only the developers need to implement it on their websites but the smartphones too should have face recognition tech onboard. Tech giant like Google, Apple and Microsoft also need to make their browsers support the new standard.