Good news for security nerds (and the rest of us, really): WebAuthn (short for Web Authentication), a standard for authenticating your identity on the internet, has now been ushered in as an official standard by the World Wide Web Consortium and the FIDO Alliance. That means you’ll soon be able to use hardware devices, like USB security keys and biometric scanners, to securely log into web apps and services.
It also means you won’t need to remember passwords to access your accounts (though you should already be using a password manager to help with that).
The WebAuthn standard is already supported by popular browsers like Chrome, Firefox, Safari, and Microsoft Edge. All that’s left is for websites to adopt the API, and allow users the option to log in via WebAuthn-supported hardware.
It’s worth noting that Google already offers a similar option to log into its services using a hardware key; you’ll need to purchase two of them to sign up for it (one of them serves as a backup), and it’ll set you back by roughly $35-$45 for a set. These keys simply require you to plug them into your desktop’s USB port or connect to your system via Bluetooth. Some options also provide an additional layer of security by requiring you to authenticate yourself with a fingerprint.
Once this system of authenticating via secure hardware goes mainstream, people will have far less of a reason to re-use their old passwords. That should make them less prone to identity theft through data breaches of major online services, since hackers are known to try out the same username-password combination across several web apps to gain access to them.
Hopefully, we’ll see our favorite services adopt WebAuthn right quick, and hardware keys become more widely and cheaply available, so we can stop worrying about passwords and breaches quite as much as we do now.
TNW Conference 2019 is coming! Check out our glorious new location, inspiring line-up of speakers and activities, and how to be a part of this annual tech extravaganza by clicking here.