Do you hate entering passwords to log into websites all the time? Well, you're not alone. Things are about to change now with the World Wide Web Consortium (W3C) officially declaring the Web Authentication API (WebAuthn) as a Web standard. In simple terms, the standard enables password-free logins on websites. The standard was initially announced back in 2015. It is now supported by W3C's contributors, which include Apple, Google, Microsoft, Intel, IBM, Mozilla, and others. Dropbox was the first to integrate WebAuthn, followed by Microsoft.
WebAuthn will allow users to log into websites using their biometrics, mobiles, or FIDO security keys. The standard is also supported by Android and Windows 10. Web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox have already added support for WebAuthn while Apple's Safari is currently supporting it in preview versions.
The announcement will further fuel the move towards a password-free Web. Passwords are vulnerable and have to be paired with multiple levels of authentication for added security.
In an official statement, W3C and FIDO Alliance said, "It's common knowledge that passwords have outlived their efficacy. Not only are stolen, weak, or default passwords behind 81 percent of data breaches, they are a drain of time and resources."
With WebAuthn becoming an open standard, a lot of Web services are expected to jump in and embrace it. The standard promises much higher security compared to using passwords alone.
WebAuthn is a core part of FIDO Alliance's FIDO2 specifications. It is a standard that aims to offer an alternative to conventional forms of authentication in various ways. FIDO2 looks to address security, convenience, privacy, and scalability.
FIDO2's login details are unique across each website while users' biometrics never leave their devices and aren't even stored on a server. As for convenience, users are able to easily login using simple fingerprint readers, physical security keys or their mobile devices.
FIDO keys are unique for each website, therefore it takes care of a user's privacy since it can't be used to track them.
You should expect to see a lot of web services implementing WebAuthn in the coming few months, making lives easier for their users.