WebAuthn will usher an era of password-free login to web browsers
Soon PC users won’t require passwords to login to their favourite social media, email or online banking accounts on web browsers. World Wide Web Consortium (a global body with 474 member companies working on the development and adoption of new web standards) and the FIDO Alliance (another global body with 260 members but with greater focus on improving web authentication) have announced new web authentication standard called WebAuthn for web browsers which allows PC users to use biometric data such as fingerprint, face and iris to login instead of password. It also offers the option to login with a smartphone or a USB based external authentication device like security key such as Yubico’s FIDO approved U2F Security Key, which costs Rs3,700.
Mozilla, Google and Microsoft have started working on making the new standard available on their respective web browsers on Windows, Mac, Linux and Chrome OS.
All web browsers allow users to login to their online accounts quickly by providing them the option to save their password. While it is convenient, there is always a risk of the data getting into wrong hands, in case of phishing or MIM (man in the middle) attacks.
With the addition of WebAuthn, users won’t have to save passwords on the browser anymore. Instead they can save their fingerprint, face or iris scans and use them to log into their accounts.
The option to login with smartphone will require users to connect the smartphone to the PC via Bluetooth or NFC. To login with Security Key users will have to plug in the device into the PC via the USB connector. Once it is plugged in the website will look for the security key and ask user to type in the 4 digit unique pin to login. Similarly logging on smartphone will require users to connect it to the PC via Bluetooth and then type in a custom pin to login.
Biometric data will be saved on the PC while the pin will be on the security key. The new web standard will work only on PCs with built in fingerprint or cameras which support face and iris scanning. Most of the high-end notebooks offer finger print and face scanning.
WebAuthn is also available to developers so they can incorporate the new login options on their websites.