The Internet is one step closer to a passwordless future. The World Wide Web Consortium (W3C), along with the FIDO Alliance, announced that Web Authentication (WebAuthn) specification is now a web standard.
WebAuthn is a core component of the FIDO Alliance’s FIDO 2 set of specifications, which aims to provide easier authentication services to mobile and desktop environments. According to the alliance, WebAuthn enables online services to leverage FIDO Authentication through a standard web API that can be used in browsers and other web platform infrastructure. The W3C’s WebAuthn Recommendation currently supports WIndows 10, Android, Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari.
“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,” said Jeff Jaffe, W3C CEO. “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
The W3C explained that passwords are no longer efficient enough to protect users. Recent reports have found 81 percent of data breaches are the result of stolen and weak passwords. Additionally, too much time and resources are spent on passwords with 10.9 hours of users time per year spent entering or resetting passwords. Traditional multi-factor authentication methods such as SMS or additional security layers are also too vulnerable to phishing attacks.
FIDO2 was created to strengthen online protection with cryptographic login credentials, biometrics, fingerprint readers, and unique privacy keys.
“Web Authentication as an official web standard is the pinnacle of many years of industry collaboration to develop a practical solution for stronger authentication on the web,” said Brett McDowell, executive director of the FIDO Alliance. “With this milestone, we’re moving into a new era of ubiquitous, hardware-backed FIDO Authentication protection for everyone using the Internet.”