Some promising technologies are underway to enable web users to do away with passwords, especially when accessing web browsers Internet standards organizations the FIDO Alliance and W3C have launched a new specification WebAuthn that allows web browsers and websites to support biometric encryption methods in place of passwords.
The specification is an application programming interface (API) that Web developers can integrate into their websites and allow fingerprint readers and even face scanners like Apple’s Face ID to verify a person’s identity.
According to Engadget, which earlier reported on WebAuthn, Firefox already works with the technology.
Google’s Chrome and Microsoft Edge are slated to add support for WebAuthn within the next few months. Apple, which operates its Safari browser, has yet to announce support for WebAuthn. The move could technically create a more secure Internet. As the rash of hacks, scams, and data breaches have shown over the last several years, passwords alone are not necessarily a suitable safeguard for data.
Companies have moved to two-factor authentication, which requires users to input a code sent to their smartphones in addition to a password to verify their authenticity, but that still isn’t as secure as biometrics.
It will also go a long way to help people who easily forget their password and subject themselves to series of hacks because they use simple passwords which could easily be remembered. Most people pick crappy passwords, and that inevitably leads to trouble.
Apple, at its iPhone unveiling in September last year, talked in detail about biometric security. The company said that its Touch ID fingerprint scanner could be duped in 1 in 50,000 cases.
That jumped to 1 in 1 million cases with its Face ID face scanner. Either way, that’s better than a simple password. While WebAuthn has officially been launched, and served as a “recommendation” and could be modified before it becomes a standard, password is not expected to die anytime soon.
The recommendation paves the way for websites and browsers to support alternatives to passwords, but now the onus is on website owners and browser companies to support it.
