WebAuthn arrives, the new standard to replace the passwords of the webs with your fingerprint

in #security7 years ago

The standards organizations W3C and FIDO Alliance have presented WebAuthn today with the support of Google, Microsoft and Mozilla. It is a new open standard to identify yourself in different services with the browser without the need to use a password. Instead, users can identify themselves with biometric data such as fingerprints, tokens for hardware or specific applications.

This new standard has been developed for a couple of years now, and its coming out today is one of the last steps before starting to implement them. When this happens, instead of using a password to identify us in a service, we can use specific applications or our fingerprint as we do to enter the mobile.

This is something that already today some companies already implement in some devices. However, the arrival of an open standard will make all companies and services swim in the same direction, and thanks to its open source technologies small developers have easier to implement it too.

Firefox has already started using it in its latest version, while Chrome and Edge have made sure that they will start implementing it in the coming months. In Opera they have also committed to adopt it without giving specific dates, just as an Apple ensures that it already has its Webkit engine equipment and the App Store starting to work on it.

"Before, the work to support the tokens was happening between big companies like Google, Microsoft and Facebook, which would implement their own controllers," explained Selena Deckelmann, of the Firefox implementation team. "With WebAuthn, you can use commonly available libraries."

In this way, the Web Authentication standard (WebAuthn) goes out of step with the trend we are seeing on mobile devices and some computers can unlock them with our fingerprints. As they have said since FIDO Alliance, the standard is already being implemented by services such as Bank of America, Paypal or eBay in their native mobile applications.

The next step is to take it to the devices

Once the technology that the webs have to implement to be able to use WebAuthn is implemented, the next step is to give users devices or applications with which they can identify themselves. That is why companies like Google and Microsoft have already assured that they are working to take it to mobile and desktop devices.

For example, all Windows 10 users will be able to identify themselves on websites with biometric parameters thanks to the implementation of WebAuthn in Windows Hello. Meanwhile, Google will use the Android Fingerprint API to be able to use it on mobile devices.

Passwords are still one of the weakest points in the security of our online accounts, and what we want to do with WebAuthn is to replace them or at least make them the second verification vector to enhance their security. It is hoped that eventually cybercriminals will find techniques to falsify these forms of identification, but it is important to take a step forward to make it more difficult.