Biometric login with WebAuthn online authentication standard gets final W3C approval
The Web Authentication (WebAuthn) specification has been accepted as an official web standard, according to an announcement from the World Wide Web Consortium (W3C) and the FIDO Alliance, making the option to log in to web services and apps with biometrics, mobile devices, or FIDO security keys an official W3C Recommendation.
WebAuthn is a standard that lets platforms and browsers offer simple and strong authentication. It is a core component of the FIDO2 specifications, and is already supported by Windows 10, Android, Google Chrome, Mozilla Firefox, and Microsoft Edge, and in preview by Apple Safari.
“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,” comments Jeff Jaffe, W3C CEO. “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
A recent study from Yubico shows that the average user spends 10.9 hours per year entering and resetting passwords, costing companies millions, while stolen, weak, or default passwords are blamed for 81 percent of data breaches in Verizon’s 2017 Data Breach Investigations Report. Traditional multi-factor authentication (MFA) methods such as SMS one-time codes are still vulnerable to phishing, are not simple to use, and have low use rates, according to the announcement.
“The Web Authentication component of FIDO2 is now an official web standard from W3C, an important achievement that represents many years of industry collaboration to develop a practical solution for phishing-resistant authentication on the web,” said Brett McDowell, executive director of the FIDO Alliance. “With this milestone, we’re moving into the next phase of our shared mission to deliver simpler, stronger authentication to everyone using the internet today, and for years to come.”
A pair of FIDO Alliance standards were recently established as official ITU standards, and a recent report from Javelin sponsored by the FIDO Alliance shows the use of public key cryptography has increased dramatically over the past year.