Having to remember dozens, or even hundreds of passwords could become a thing of the past. The W3C has published a new API, that is at the Release Candidate stage, that will let web browsers use biometric information stored in smartphones. Chrome, Edge and Firefox will be supporting Webauthn, with Chrome and Firefox announcing support will be part of the releases made in May this year.
The API will intercept requests to sign-in to online services and lets them use an “authentication gesture”. For example, that could be a fingerprint if your device has a scanner, or facial recognition such as Windows Hello or FaceID.
With password re-use cited a common weakness of password systems and the need to either remember lots of passwords or use a password manager. being able to use some other method that is baked into our hardware and software is a great step forward. Despite all the massive advances made in UX design, passwords remain one of the greatest bugbears of users and system administrators.
Although this won’t signal the instant death of passwords, the creation of standards like this provide developers with the tools they need to build secure applications without having to recreate new authentication tools all the time.
Full details of Webauthn are available at the W3C website.