In the digital world, passwords are often the root of all cybersecurity problems. Which is why Chrome, Edge, and Firefox browsers have taken steps towards reducing the need for them.
A new Web Authentication API is coming, designed to combat phishing. Through WebAuthn, signing up to a site will become simpler than ever. The new method involves registering a fingerprint, retina, or other biometric that the user stores in a smartphone.
The new solution takes advantage of public-key cryptography and ensures there’s a fresh pair of keys for every website registered to, thus eliminating the problem of password reuse.
In May, Firefox 60 and Chrome 67 are scheduled for release, and both will support the new technology. As soon as this goes live, here’s how the solution is going to look in practice: upon hitting the sign-up button, a smartphone user will receive a prompt to register with an authorisation gesture, which could be a PIN or a fingerprint.
After that, the choice gets linked to that account. Whenever the user wants to sign in again, the same gesture will be required to complete the process.
The API will allow application developers to offer similar sign-in processes to those that Google and Microsoft offer.
Nick Steele from Duo Security has recently noted that WebAuthn draws on the UAF standard, but has several technical advantages compared to it. This is important for its long-term prospects, and – perhaps most importantly – Microsoft, Google, and Mozilla are backing it.