Slashdot Mirror

← Back to Stories (view on slashdot.org)

W3C Approves WebAuthn as the Web Standard For Password-Free Logins (venturebeat.com)

Posted by msmash on from the marching-forward dept.

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

3 of 55 comments (clear)

  1. Re:Something you have. by Meneth · · Score: 3, Informative

    Both of which are harder to replace when their server counterparts are deleted or leaked.

  2. Re:Thanks, but no thanks by Anonymous Coward · · Score: 2, Informative

    "For example, it seems like law enforcement is forced to spend hundreds of thousands of dollars to compromise phones because Google/Apple refuse to help them, so I'm wondering exactly what your threat model is."
     
    For a lot of people you just spelt it out. :) Different AC here and I don't find Apple refusing to unlock a phone a threat to me. I do find Google's tracking to be a threat though. Half the web is locked away if you refuse to play with Google. That is by design. I find the inability my phone to work with Google a threat. I mean I bought it from Samsung, why is Google controlling it. Why does Play keep asking to sync my contacts when I have said no many times but if I ever say yes it won't ask again. So yes, I feel threatened by Google because I know they are using what I do, say, who I relate to and with to make money or acquire power. Google should be broken up. We are of course talking about a company that was caught uploading 1GB a month of data from Aussie customers without telling them and tracking users even when location services have been turned off.

  3. Re: Thanks, but no thanks by Anonymous Coward · · Score: 2, Informative

    If you have to ask, that means you aren't invited.