You are here

No More Passwords

WebAuthn Shield

The demise of the password came a step closer last March with the adoption of a new standard for physical "keys" for logging in to websites. "WebAuthn," as it's called, makes it easier for sites to let users log in through a physical method - rather than relying on  having to remember a password.

These methods range from USB devices that act like a physical key to biometric devices such as fingerprint or eye scanners. The big hope is that such devices will reduce, and eventually eliminate, the need to rely on passwords which can be guessed or stolen in data breaches.

Browsers Already On Board

Having a standard is vital to make sure all compatible devices work with logins for all websites that support the technology. If this wasn't the case, we might need multiple login devices, which would undermine the simplicity of the technology.

For the WebAuthn standard to work, it needs to be supported by web browsers, websites and device manufacturers. Most major web browsers already support it, as do the device manufacturers.

This step is the official adoption of the standard by the World Wide Web (WWW) Consortium. That's the organization that makes sure everyone involved in the web does key things the same way. For example, it oversees the development of code languages such as HTML and CSS which browsers use to turn a website's code into what we see on screen.

Websites Must Add Support

The hope is that now it's an official standard, more and more websites will follow the lead of Microsoft and Dropbox in supporting the logins. It's a bit of a chicken-and-egg situation as users might not bother with getting physical login devices unless they work on most sites, but sites might not bother supporting it until most users get the devices.

Site owners will need to add code to support the standard. However, the World Wide Web Consortium says this will be relatively simple and, importantly, won't require extra work as sites get larger or busier. (Source: w3.org)

I've used "FaceID" on my iPhone for the last three years. It unlocks your phone by looking at it. So fluid and frictionless; it's pretty clear to me that passwords are old hat these days. I will be happy to see them go. How about you?

What's Your Opinion?

Are you comfortable with the idea of a physical key as a way to login to websites? How widespread would it have to be on the web before you'd consider getting such a device? Do you think the password will ever die out completely? Write to me at [email protected] and let me know your thoughts.

Tags: