Managing passwords is always a pain and substantially important with the ongoing data breaches. While managing them on phones is easy as you need to login only once, but, when it comes to the browsers, it can be a little tough in organising them. Even though the frequently used browsers provide their own set of password managers, the WC3 Web has created an API that will get rid of this password login and promises to make the authentication hassle free.
“Security on the web has long been a problem which has interfered with the many positive contributions the web makes to society. While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link,” stated W3C CEO Jeff Jaffe. “WebAuthn will change the way that people access the web.”
The popular browsers like Chrome, Firefox and Edge will support this new Web Authentication API in the future. It promises to give more protection against phishing and also reducing the need for passwords. WebAuth claims to bring a simpler and easy way of signing up on a site, instead of the standard username and password authentication. With this new API, the user would be able to register using his biometrics that includes fingerprint, facial recognition and retina scanning (IRIS), which are stored on a users’ smartphone.
This new authentication system relies on public-key cryptography and safeguards each site, which a user signs up and has its own set of key pairs. This might be the replacement of re-using of same regular passwords. In the coming months, when the API goes live, a user who would sign up on any site will receive a prompt on his/her smartphone asking the user to register. The user then needs to provide an ‘authorisation gesture’, which can be a PIN or a fingerprint that eventually gets linked to the respective account. Later on, the users will have to use the same gesture registered for authentication on the respective site.
This new WebAuth API will be activated by default for the upcoming Chrome 67 and Firefox 60 updates. For the Microsoft Edge browser, this API integration is still in process, while Apple Safari browser doesn’t currently support WebAuth yet.