The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. First announced by the W3C and the FIDO Alliance in November 2015, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico.
The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.
Killing the password
“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,” W3C CEO Jeff Jaffe said in a statement. “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
Although the W3C hasn’t adopted its own creation yet, WebAuthn is already implemented on sites such as Dropbox,…
Latest posts by Peter Bordes (see all)
- Scientists Discover Nearly 200,000 Kinds of Ocean Viruses - April 28, 2019
- Here’s why privately-owned cities are a terrible idea - April 28, 2019
- Nubia announces Red Magic 3, the first gaming phone with an internal cooling fan - April 28, 2019
More from Around the Web