In March of 2019, the world of technology experienced an exciting milestone that can be expected to entirely shift the way Internet users securely access their online accounts in just a few years.
Last month, the World Wide Web Consortium (W3C) ratified a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary in that it sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. The user experience subsequently becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
Sites could use devices similar to Web Authentication API in the past, but they required specialized, vendor-specific changes to the site. In addition, users had to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why Is It Important?
To put the already observed success of strong authenticators into perspective: Google recently required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concluded that 93% of data breaches were the result of phishing and pretexting.
Leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How Does It Work?
Continue reading here: https://www.digitalmaelstrom.net/are-passwords-a-thing-of-the-past/
Top comments (0)