W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins. Major browsers and platforms have built-in support for new Web standard for easy and secure logins via biometrics, mobile devices and FIDO security keys.
A friendly solution to password theft, phishing and replay attacks – W3C says “It’s common knowledge that passwords have outlived their efficacy. Not only are stolen, weak or default passwords behind 81 percent of data breaches, they are a drain of time and resources. According to a recent Yubico study, users spend 10.9 hours per year entering and/or resetting passwords, which costs companies an average of $5.2 million annually. While traditional multi-factor authentication (MFA) solutions like SMS one-time codes add another layer of security, they are still vulnerable to phishing attacks, aren’t simple to use and suffer from low opt-in rates.
With FIDO2 and WebAuthn, the global technology community has come together to provide a shared solution to the shared password problem. FIDO2 addresses all of the issues with traditional authentication:
- Security: FIDO2 cryptographic login credentials are unique across every website, biometrics or other secrets like passwords never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks.
- Convenience: Users log in with convenient methods such as fingerprint readers, cameras, FIDO security keys, or their personal mobile device.
- Privacy: Because FIDO keys are unique for each Internet site, they cannot be used to track you across sites.
- Scalability: websites can enable FIDO2 via simple API call across all supported browsers and platforms on billions of devices consumers use every day.
“Web Authentication as an official web standard is the pinnacle of many years of industry collaboration to develop a practical solution for stronger authentication on the web,” said Brett McDowell, executive director of the FIDO Alliance. “With this milestone, we’re moving into a new era of ubiquitous, hardware-backed FIDO Authentication protection for everyone using the internet.”
Read more –
W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins
Google Chrome – Enabling Strong Authentication with WebAuthn
Microsoft Edge – Web authentication and Windows Hello
Firefox – Using Hardware Token-based 2FA with the WebAuthn API