WebAuthn: The new web standard aims to make passwords obsolete | HT Tech

WebAuthn: The new web standard aims to make passwords obsolete

The new WebAuthn web standard is said to eliminate the risks of phishing, all forms of password theft and replay attacks.

By: KUL BHUSHAN
| Updated on: Mar 05 2019, 17:28 IST
New web standard for secure, passwordless logins
New web standard for secure, passwordless logins (Getty Images/iStockphoto)

The World Wide Web Consortium (W3C) and the FIDO Alliance on Monday elevated the Web Authentication (WebAuthn) as an official web standard. The move is believed to be a big step towards making the internet safer and more secure for users around the world.

The new web standard paves way for a simpler and stronger authentication, according to the consortium. The Consortium has asked the internet services to enable the web standard to allow users to log in more securely through security keys and even biometrics. The standard is already supported by major platforms including Windows 10, Android, Google Chrome, Mozilla Firefox and Microsoft Edge.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

"Not only are stolen, weak or default passwords behind 81% of data breaches, they are a drain of time and resources. According to a recent Yubico study, users spend 10.9 hours per year entering and/or resetting passwords, which costs companies an average of $5.2 million annually. While traditional multi-factor authentication (MFA) solutions like SMS one-time codes add another layer of security, they are still vulnerable to phishing attacks, aren't simple to use and suffer from low opt-in rates," said W3C and FIDO Alliance in a release.

Also read
Looking for a smartphone? To check mobile finder click here.

WebAuthn can be implemented as an API which will allow sites to connect with a security device when a user logging into their accounts. The security device could range from a biometric-based device or a simpler USB token. TheVerge reports that WebAuthn is a more secure way of logging into accounts that the weak passwords users have some of their accounts. WebAuthn is also quite flexible allowing users to log into their accounts online using devices they prefer.

ALSO READ: Intel Thunderbolt-based 'USB 4' to deliver up to 40Gbps data transfer speed

"FIDO2 cryptographic login credentials are unique across every website, biometrics or other secrets like passwords never leave the user's device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks," said the consortium. "Because FIDO keys are unique for each Internet site, they cannot be used to track you across sites."

FIDO Alliance has released testing tools and launched a certification programme to help service providers get started with the new standard.

ALSO READ: 14.5% Indian companies could not detect any cyber attack in 2018: F-Secure Report

 

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 05 Mar, 17:19 IST
NEXT ARTICLE BEGINS