The password has long been considered the weakest link in online security.
Cybercriminals use phishing scams, data breaches, password reuse and brute force attacks to steal your credentials in plain sight in hopes of breaking into your personal accounts.
Although you can employ specific strategies to protect your accounts, like crafting long and unique passwords across all your accounts, turning on two-factor authentication and using password managers, we can all agree that the old password system is clunky and extremely susceptible to various attacks.
Maybe it’s about time we get rid of the password and have something better take its place.
Thankfully, we won’t have to wait for long. A new online authentication system is being rolled out soon and it can revolutionize the way we secure our online accounts (and make them safer too).
No more passwords? Sign me up!
Coming soon to a web browser near you is a new way to log into websites – one without passwords!
How’s that even possible? It’s through the magic of the upcoming W3C Web Authentication API, also known as WebAuthn, for short.
Instead of using the archaic username and password system, WebAuthn will finally let you use your biometric data, like fingerprints, retina scans or facial recognition data, to register and sign in to a site.
Hopefully, this will provide better protection against phishing attacks and data breaches and move us a step closer to a truly password-free world.
What browsers will support it?
Currently, Mozilla Firefox (version 60) already supports WebAuthn. It is also expected to be turned on by default in Chrome version 67.
Microsoft Edge is expected to be updated with WebAuthn support in the next few months.
Apple’s Safari browser doesn’t support WebAuthn yet, but it already has personnel assigned to its Web Authentication group, so we expect support to be rolled out in future updates too.
How will it work?
Once WebAuthn is enabled on a site, you can sign in to your account (or create a new one) and then pair it with your phone to register an “authorization gesture.” That gesture can be your fingerprint, retina scan, PIN or facial recognition data.
When paired, you can simply use that gesture to sign in to the website in the future. Think of it as similar to two-factor authentication but it uses your phone and biometric data instead.
These are the different scenarios in which WebAuthn can be used. Here’s what to expect:
Registration on the phone:
- User signs into an existing account using a password or registers a brand new account
- The phone will then ask “Do you want to register this device with this website?”
- If the user agrees, the phone will then prompt for an authorization gesture (fingerprint, facial scan, PIN, etc.)
Authentication on a computer:
- User signs in to a website using a browser and sees a “Sign in with your phone” option
- If the user selects this option, the browser will then display this message: “Please complete this action using your phone”
- User’s phone will display a prompt/notification
- A prompt for the saved authorization gesture (fingerprint, facial scan, PIN, etc.) will then appear
- User signs in with the selected gesture
How will this affect us?
If this method becomes the de facto standard for online credentials, it can move users away from passwords and over to their personal devices instead. This will make phishing attacks more difficult, if not impossible, to execute.
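Why a look-alike site gets nothing it can reuse, shown as an added example (not code from the WebAuthn specification or from any browser): a Node.js model of the sign-in check, in which the phone signs the website's random challenge together with the address the browser reports. The function names registerDevice, signIn and verifySignIn and the sites example.com and examp1e.com are assumptions made up for illustration.

```javascript
// Added example (constructed names and sites): models the WebAuthn sign-in check.
const nodeCrypto = require('node:crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();

// Assumed sites: example.com is the real one, examp1e.com a look-alike.
const RP_ID = 'example.com';
const RP_ORIGIN = 'https://example.com';

// Registration: the phone creates a key pair; the site stores only the public key.
function registerDevice() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Sign-in on the browser + phone side. The browser, not the page, fills in origin.
// Worst case modelled here: the look-alike page somehow reaches the same key.
function signIn(privateKey, challenge, pageOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: pageOrigin,
  }));
  // authenticatorData = SHA-256(RP ID) | flags (0x05: present + verified) | counter
  const authenticatorData = Buffer.concat([
    sha256(new URL(pageOrigin).hostname), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Website side: every check must pass before the user is signed in.
function verifySignIn(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'replayed challenge';
  if (client.origin !== RP_ORIGIN) return 'wrong origin';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong RP ID';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

const { publicKey, privateKey } = registerDevice();
const challenge = nodeCrypto.randomBytes(32); // fresh random value per sign-in
console.log(verifySignIn(publicKey, challenge, signIn(privateKey, challenge, RP_ORIGIN)));
console.log(verifySignIn(publicKey, challenge,
  signIn(privateKey, challenge, 'https://examp1e.com')));
```

Unlike a stolen password, a response captured on the look-alike site is rejected by the real site, and the website never holds a secret that a data breach could expose.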
Is it finally time to retire the old password system? With WebAuthn support rolling out, the future certainly looks bright for a world without passwords.