WebAuthn: A New Way To Passwordless Authentication

Passwordless Authentication

Take a small step towards phishing free world!

In this technological advanced and insecure world where cyber criminals are becoming smart each passing day we need to build new ways to stay secure and protected. To offer protection and stronger authentication World Wide Web Consortium (W3C) and FIDO Alliance bodies have announced a new web standard to protect user’s passwords from getting into wrong hands.

When we visit a site, and key in our credentials to login, web browsers give us an option to save details for quick and easy access. But saving these details online is risky, as an attacker can easily get their hands on to such data via phishing or Man In Middle (MIM) attacks.

With the new web standard called WebAuthn, we can bid adieu to the insecurity offered by passwords. WebAuthn will replace passwords with biometric authentication. It will be supported by latest version of Firefox, Chrome and Edge.

Soon we will see a password less world where cyber attackers will have difficulty in accessing our details.

Also Read : Tips to Safeguard Your Mobile Payment Apps

What is WebAuthn?

A new tool using which users will be able to login to web pages with their biometric recognition -face, fingerprint and IRIS, instead of passwords. Plus, users will have the choice to login using a smartphone or a USB based external authentication device like security key.

Instead of remembering long strings and multiple passwords users will be allowed to authenticate their login with something they have control of.

How Will It Work?

When a user will visit a site he will be required to key-in his credentials to login. As soon as he will enter the username, an alert message will be sent on his smartphone, tapping on which will allow him to login to the website without requiring him to enter the password.

It is a promise made to protect users against phishing attacks. Once WebAutn is implemented there will be no credentials to steal as the authentication token will be generate randomly each time user logs in.

To login using the smartphone users must connect to the PC via Bluetooth. To login using Security Key, USB connector will be used to attach the device to PC. Once connected, the website will search for the security key and will prompt the user to enter 4 digit unique pin to login.

Biometric data will be saved on PC whereas the pin will be on security key. To begin with, the new standard will work only on PCs with built in fingerprint or cameras.

Must Read : All You Need To Know About SOAPA

Say Bye to Passwords

Soon users will be able to live in a phishing free world where there will no fear of password theft. They can login to their favorite social media accounts, email or online banking on web browsers without a password. No longer will they have to remember those lengthy and multiple passwords.

With WebAuthn in place, people will start accepting passwordless authentication and it will be more practical. Certainly, the use of passwords won’t go away overnight, but WebAuthn will surely replace it and will hold a primary place when it comes to web security.