Something important happened in the world of passwords this week – Firefox 60 has become the first browser to support a new standard called Web Authentication (WebAuthn).
Developed as a joint effort by the industry FIDO Alliance and the World Wide Web Consortium (W3C) on the back of Universal Authentication Factor (UAF), WebAuthn is an API which deploys public key encryption to let users log into websites without needing a password.
The point of WebAuthn is to turn today’s flawed authentication model on its head.
That model typically has users authenticating themselves with passwords and, in some cases, a second factor such as a one-time code.
Passwords are widely reused, bad ones are easy to guess, strong ones are hard to remember and all passwords can be stolen by phishing attacks. The one-time codes that add so much extra protection are hardly used and can also be phished, although the window of time in which they can be used is very small.
WebAuthn aims to change all of that: