comscore
News

Google Chrome, Mozilla Firefox gain support for new standard for password-free logins

The new standard will be supported in upcoming versions of Chrome and Edge.

  • Published: April 12, 2018 9:18 AM IST
google-chrome-browser-stock-image

Google Chrome and Mozilla Firefox will be making authentication process for you a little bit more easier. The browsers will now support a new standard for password-free logins called WebAuthn. The new open standard, announced by W3C and FIDO Alliance standard bodies, is currently supported in the latest version of Firefox, and will be supported in the upcoming versions of Chrome and Microsoft Edge in the next few months. Support for Apple’s Safari is yet to be ascertained.

WebAuthn essentially makes the authentication process seamless with password-free logins. As The Verge reports, WebAuthn received the W3C approval after nearly two years. The announcement is a first for browser support. At present, we continue to use passwords or PINs for logins. However, there are some services including Facebook and Google, which allow you to use more secure login methods, where you can log in using a Yubikey token built to the FIDO standard.

The WebAuthn open standard will make it easier for services to move away from passwords, and towards methods such as biometrics and USB tokens. Smaller services will find it easier to implement the features, whether using those devices as a second factor or replacing the password entirely. This, in turn, will help other services over the web to adopt the new authentication methods, potentially leading to more such login methods across the web.

Watch: Top rated smartphones of 2017

“Previously, the work to support tokens was happening amongst big companies like Google, Microsoft and Facebook, which would implement their own drivers,” Selena Deckelmann, who worked on Firefox’s implementation, is quoted as saying in the report. “With WebAuthn, you’ll be able to use commonly available libraries.”

The FIDO standard is more robust and immune to conventional phishing as it is built on a zero-knowledge proof, and there is no single string of characters that guarantees access to an account. This system is still limited to a few services, but it offers a new way for users and businesses to protect their data, especially in times when data is the biggest entity to protect.

  • Published Date: April 12, 2018 9:18 AM IST