New way to connect without password when surfing on the web, A new standard soon integrated with browsers,many tabs are often open simultaneously, email sevice, Social networks, online banking, messaging or other services, all will require a password to connect, Using the same password for all platforms increases the risk of being hacked, and retaining at least 10 different passwords is no easy task to remember.
WebAuthn is an API that works as a key. It can be integrated directly into the browsers and infrastructure of a platform and allows to authenticate on the Web safely, avoiding the entry of identifiers and using the facial recognition, a fingerprint, a PIN or a U2F security USB key. The principle is simple: depending on the selected security mode, you log in to the desired services via Bluetooth, NFC or USB. With Web Authentication, no more username and password to remember. However without your security key, fingerprint or face, it will be impossible to connect. The standard is supposed to improve the security on the Web by acting as a bulwark against the phising or the theft of identifiers. Its coming into effect is expected in the coming weeks on Chrome, Firefox and Edge browsers, with cross-platform compatibility (Windows, Mac, Linux, Chrome OS and Android).
This is not the end of passwords
WebAuthn will not put an end to the good old passwords for now. Website and application developers will have to choose whether or not to integrate a support of the standard with their services, which will be able to reinforce existing security features. Thanks to this process, authentication will gain in speed, while maintaining a high level of security. It's easy to imagine that in a short time, when WebAuthn is fully deployed, no one will have to rack their brains to find their last password. Jeff Jaffe, CEO of the World Wide Web Consortium said:
Security on the web has long been a problem that has interfered with the many positive contributions the web makes to society. Although there are many security issues on the Web and we can not solve all of them, the use of passwords is one of the weakest links. With WebAuthn's multi-factor solutions, we are eliminating this weak link. WebAuthn will change the way people access the web.
Latest published version: https://www.w3.org/TR/webauthn/ Editor's Draft: https://w3c.github.io/webauthn/