In the age when people routinely memorized novels, our current debacles trying to recall passwords would look laughable. However, in the modern age, remembering 20 different passwords that use varied letter, number and capitalization patterns, is a true struggle for busy people the world over.
What’s more is that password managers are susceptible to vulnerabilities, and while you can jot your passwords down on a sticky-note, they tend to disappear in desk drawers.
Recently, the World Wide Web Consortium (W3C) approved a web authentication API, known as WebAuthn, a means of logging into online portals without using a password.
WebAuthn is supported in Windows 10, Android, and Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safarii (preview) web browsers.
WebAuthn functions in partnership with a Client to Authenticator Protocol (CTAP), and together they make up FIDO2, the feature that allows for a seamless, password-less login.
It works because it “…makes use of [a] public key encryption (PKE) for authentication, which involves using a pair of cryptographic keys: a private key that’s a secret, and a public key that is widely disseminated.”
So, the user will be able to send a message encrypted with a private key through any given online web portal, and the portal will decrypt it with the public key, confirming that particular user’s identity.
Private keys are likely to be biometric; either fingerprints or facial scans. This raises questions about biometric security, and its limitations, a topic that you can read more about in this CyberTalk article.
Nevertheless, “With platforms like Android and Windows 10 powering a combined billion active devices, the shift will lead to increased security for hundreds of millions of users,” writes TheNextWeb.
Get the full story from TheNextWeb.