The World Wide Web Consortium (W3C) and the FIDO Alliance have finalized the Web Authentication (WebAuthn) standard for no-password sign-ins.
Despite being officially finalized on March 4th, the standard has been in use for some time. Further, it’s already supported by Windows 10 and Android, along with several browsers including Chrome, Edge, Firefox and Safari.
WebAuthn allows users to log into websites using biometrics, like fingerprints or facial recognition, USB security keys or nearby mobile devices like phones and smartwatches.
Additionally, WebAuthn uses a unique cryptographic login credential for every website, which should eliminate the risk of phishing, password theft and replay attacks. Further, it means your passwords and biometric data never leave the device, and the unique keys prevent you from being tracked across sites.
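To make the phishing and replay claims above concrete, here is an added example (not from the standard's authors or any site's code) of two checks a website's server runs on the `clientDataJSON` the browser returns during a WebAuthn sign-in: the origin must match the site, and the challenge must be one the server issued and has not yet seen back. The origin, function names and sample bytes are assumptions constructed for illustration, and signature verification over the authenticator data is outside this example.

```javascript
// Added example: server-side clientDataJSON checks. All values are constructed.
const EXPECTED_ORIGIN = "https://login.example.com"; // assumed site origin
const pendingChallenges = new Set(); // issued, not yet redeemed (one-time use)

// Register a fresh challenge; `randomBytes` must come from a CSPRNG in practice.
function issueChallenge(randomBytes) {
  const challenge = randomBytes.toString("base64url");
  pendingChallenges.add(challenge);
  return challenge;
}

// Validate the browser-supplied client data for a sign-in ("webauthn.get").
function verifyClientData(clientDataJSON) {
  let data;
  try {
    data = JSON.parse(clientDataJSON.toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get") return { ok: false, reason: "wrong ceremony type" };
  // The browser, not the page, fills in the origin, so a look-alike site cannot forge it.
  if (data.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin mismatch" };
  // Set.delete returns false if the challenge was never issued or was already used.
  if (typeof data.challenge !== "string" || !pendingChallenges.delete(data.challenge)) {
    return { ok: false, reason: "unknown or reused challenge" };
  }
  return { ok: true, reason: "accepted" };
}

// Build constructed client data the way a browser would serialize it.
function sampleClientData(origin, challenge) {
  return Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }), "utf8");
}

// Genuine sign-in, the same response replayed, and a response from a look-alike origin.
function demo() {
  const c1 = issueChallenge(Buffer.from("constructed-bytes-0001"));
  const genuine = sampleClientData(EXPECTED_ORIGIN, c1);
  const c2 = issueChallenge(Buffer.from("constructed-bytes-0002"));
  const lookalike = sampleClientData("https://login.example.com.phish.test", c2);
  return [verifyClientData(genuine), verifyClientData(genuine), verifyClientData(lookalike)]
    .map((r) => r.reason);
}
console.log(demo());
```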
Unfortunately, the challenge with WebAuthn will be getting sites on board. There are a lot of webpages on the internet, and most of them probably won’t be rushing to ditch passwords.
That said, an official standard should help convince sites to adopt WebAuthn.