Firefox and Chrome agree on a procedure: why the password could soon be history

A small step towards a phishing-free world? It has been known for some time that a login by username and password is not the safest method - alternatives have to come from. Mozilla, Google and Microsoft now support a login standard without password entry.

0 524
Google Chrome : A 2-factor authentication with an additional code by SMS or mail has been around for some years, but few users secure their accounts through this – rather inconvenient – way. Login without password? This should be possible with another standard, FIDO. Logging in, for example, works through biometric methods – such as the iris scanner or fingerprint that unlocks the smartphone – or through a token in the form of a USB stick that can be easily carried on a keychain. As the World Wide Web Consortium (W3C) and the FIDO Alliance announced, Firefox, Chrome and Edge will in future support the interface to FIDO for websites: WebAuthn. Firefox already supports the current version, while Chrome and Edge will move up to coming versions in the coming months.

WebAuthn: Not just for big online services

WebAuthn is already represented on major online services like Google and Facebook. Login is possible via the FIDO standard “Yubikey token”. WebAuthn is also aimed at smaller sites, because for them the Fido standard is easier and less expensive to implement. For example, a USB token can be used as a second factor as well as completely replace the password. For authentication, not only USB tokens are possible, but also smartphones or smartwatches.
The FIDO standard is based on a zero-knowledge proof, as The Verge reports. This should make it particularly difficult to perform phishing attacks or impersonate online services as a person you are not, as there is no string that allows access to an account.

WebAuthn: End for Phishing Attacks and Password Thefts?

The commitment of the major browser makers is a “big step” for Brett McDowell, director of the FIDO alliance. “After years of heavy data leakage and password theft, it’s now time for vendors to end their dependency on vulnerable passwords and apply phishing-resistant FIDO authentication across all websites and apps,” said McDowell. However, it can not be ruled out that criminals will also find a way for WebAuthn to obtain secret access data.
Apple has not yet commented in support of Safari for WebAuthn, although the group is part of the developer group of the standard.

See Also : Windows Defender: Critical Bug Allowed Foreign Takeover Of The PC

Leave A Reply

Your email address will not be published.