Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 12 MINUTES AGO.
You are here: Home / Data Security / End of the Road for Passwords?
RIP: Is It the End of the Road for Passwords?
RIP: Is It the End of the Road for Passwords?
By Samuel Gibbs Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
12
2018
A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use.

The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam.

Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.

"WebAuthn will change the way that people access the Web," said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.

One example of how WebAuthn will work is that when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.

WebAuthn promises to protect users against phishing attacks and the use of stolen credentials as there will be nothing to steal, the authentication token is generated and used once by their specific device each time the user logs in.

"After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications," said Brett McDowell, executive director of the FIDO Alliance, one of the bodies pushing the new standard.

WebAuthn should also help people use unique login details for each and every service they use, instead of using the same login and password for every site, which many people still do leaving them vulnerable to further attacks if one site is hacked.

The W3C has moved WebAuthn to what’s called the "candidate recommendation" stage -- the penultimate step before it becomes an approved web standard -- inviting sites and services to begin implementing it. The web standards body announced that Google, Microsoft and Mozilla had committed to supporting WebAuthn, meaning that all major web browsers short of Apple’s Safari will implement the new standard.

"While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link," said Jaffe.

Several sites and services already use similar methods to log in, including Google and Facebook, which can both be logged into using a USB security key. But a single cross-platform, cross-service standard ratified by the W3C will mean that many more sites and services will be able to kill the password as the defacto login method.

WebAuthn is the culmination of many years of work and the change will not happen overnight. But as it increasingly seems inevitable that our email or other online services will get hacked into, removing the password is an important step in improving online security and making using sites and services easier.

© 2018 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.