Goodbye, Passwords: A New Login Standard Is Taking Over the Internet

Web browsing is about get simpler AND more secure

March 5, 2019 9:00 am

Remembering thousands of passwords or using a cumbersome password manager could soon be a thing of the past, thanks to a rather awkwardly named new initiative called WebAuthn.

Don’t let your eyes glaze over just yet. The W3C and FIDO Alliance announced the new web standard this week, and it’s basically going to allow you to use your fingerprints or mobile device to log in online (sans passwords) pretty much anywhere. It’s safer, doesn’t require memorizing eight-digit passcodes and everyone’s gonna be doin’ it.

Let’s explain:

What is WebAuthn? It means “Web Authentication.” It’s a new official web standard that’ll allow you to easily use biometrics, mobile devices or FIDO security keys to verify your identity in lieu of passwords. Because a standard has been set, it’ll allow other sites, browsers and companies to jump onboard quickly.

What’s the W3C? The World Wide Web Consortium. Its 400+ member organizations are calling for unified technical standards and a more accessible (yet secure and private) web.

And what’s FIDO? Fast IDentity Online. Basically, the members of the FIDO Alliance want to get all your tech to forego passwords and utilize stronger, safer and simpler encryption and authentication methods. Like WebAuthn.

How does WebAuthn make things easier? Goodbye, hard-to-memorize passwords. Hello, fingerprint readers, cameras, FIDO security keys and personal mobile devices as your login.

How does this makes things safer? Your encrypted password never leaves a user’s device and login credentials will be unique across every website, so no more phishing attacks or password theft. Also, FIDO keys are unique for each site, so nobody can track you as you browse.

Fun password facts shared by the W3C: Stolen, weak and default passwords are behind 81 percent of data breaches, and users spend nearly 11 hours per year entering or changing passwords. Those numbers are about to go WAY down.

Does this change my daily life? WebAuthn already has built-in support in popular browsers like Chrome, Firefox, Edge and Safari, as well as in operating systems such as Android and Windows 10 and services like Dropbox, Facebook, GitHub, Salesforce, Stripe and Twitter.

Do I still need a password manager? Given that it took took more than three years to get WebAuthn on the books (the standard was originally announced in November 2015), we’d say yes. Keep using Dashlane or 1Password until all your tech is utilizing WebAuthn (that’ll be a few years, and there will be inevitable holdouts), and stop using “password” as your password.

Photo by Yura Fresh on Unsplash

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.