New standard brings stronger authentication to browsers
In a move to bring simpler yet stronger web authentication to internet users, the FIDO Alliance and the World Wide Web Consortium (W3C) are launching a new standard called Web Authentication (WebAuthn).
WebAuthn enables online service providers to offer FIDO Authentication through web browsers. FIDO Authentication makes web access more secure because it uses unique encrypted credentials for each site, eliminating the risk that a password stolen from one site can be used on another.
WebAuthn defines a standard web API that can be incorporated into browsers and related web platform infrastructure. This gives users new methods to securely authenticate on the web, in the browser and across sites and devices. Once deployed it means people can access web services securely through their browser by touching a fingerprint sensor, looking at a camera or inserting a security key, in place of, or in addition to entering a password -- from their mobile phone or PC.
Google, Microsoft, Mozilla and Opera have all committed to supporting the WebAuthn standard in their flagship browsers. This functionality is available now in Firefox and will be rolled out natively in Chrome and Edge over the next few months.
"With the new FIDO2 specifications and leading web browser support announced today, we are taking a big step forward towards making FIDO Authentication ubiquitous across all platforms and devices," says Brett McDowell, executive director of the FIDO Alliance. "After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications."
The standardization of the new FIDO2 specifications in browsers and operating systems will further expand the reach of FIDO Authentication, which is referenced by regulators and standards-setting bodies worldwide and is already available on hundreds of millions of devices and offered to more than 3.5 billion user accounts worldwide through services from companies including Google, Facebook, Bank of America and more.
You can find out more about WebAuthn on the W3C website.