Phishing attacks have been tricking victims into handing credentials over to scammers for years. It's one of the most effective tools in the criminal handbook.
Once a scammer has your passwords, there are all kinds of damage they can do. Just think if they were able to gain access to your bank account online. Yikes!
Well, there might be a solution that will end this problem. A new version of Google Chrome could make passwords obsolete.
How is this possible?
A new online authentication system is being rolled out soon and it can revolutionize the way we secure our online accounts (and make them safer too). It's a new way to log into websites, one without passwords. It's through the magic of the W3C Web Authentication API, also known as WebAuthn for short.
Instead of using the old-school username and password system, WebAuthn will finally let you use your biometric data, like fingerprints, retina scans or facial recognition data, to register and sign in to a site. Which biometric data you can use depends on your gadget. For example, iPhone X users will be able to log in with facial recognition.
Hopefully, this will provide better protection against phishing attacks and data breaches and move us a step closer to a truly password-free world.
Google's Chrome 67 will be rolling this technology out in the next few weeks. The new feature will need to be integrated into websites before Chrome users can access it. There's no timeline on when that will happen.
Sites that enable the new technology will have the passwordless option as their default setting. However, if you want to stick with the username and password option, you can. You'll just have to change the default setting on the site.
This really is outstanding technology
Once WebAuthn is enabled on a site, you can sign in to your account (or create a new one), then pair it with your phone to register an "authorization gesture." That gesture can be your fingerprint, retina scan, PIN or facial recognition data.
When paired, you can simply use that gesture to sign in to the website in the future. Think of it as similar to two-factor authentication but it uses your phone and biometric data instead.
These are the different scenarios in which WebAuthn can be used. Here's what to expect:
Registration on the phone:
- User signs into an existing account using a password or registers a brand new account
- The phone will then ask "Do you want to register this device with this website?"
- If the user agrees, the phone will then prompt for an authorization gesture (fingerprint, facial scan, PIN, etc.)
Authentication on a computer:
- User signs into a website using a browser and sees a "Sign in with your phone" option
- If the user selects this option, the browser will then display this message "Please complete this action using your phone"
- User's phone will display a prompt/notification
- A prompt for the saved authorization gesture (fingerprint, facial scan, PIN, etc.) will then appear
- User signs in with the selected gesture
If this method becomes the de facto standard for online credentials, it can move users away from passwords and toward signing in with their personal devices instead. This will make phishing attacks more difficult, if not impossible, to execute. How cool is that?!