Over the past few years, we"ve seen companies pushing for a move from traditional passwords to more secure methods of authentication, such as SMS verification, biometrics, and more. To enable that, Web Authentication (WebAuthn) is a specification that allows users to log into websites using one of these methods, and it"s been widely adopted by most major browsers, including Microsoft Edge.
Despite its widespread adoption, WebAuthn wasn"t actually an official web standard up until now. Today, the World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance announced that this has changed and that WebAuthn has been approved as a web standard.
The W3C urges websites to adopt the new standard as a way to allow users to log in more easily, quickly, and securely:
“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences (...). W3C"s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”
FIDO keys have many advantages over passwords, specifically the fact that credentials are unique for every website and that they"re never stored on any server. This should greatly reduce the risk of password theft and other security threats on the web. It can also be more convenient to use biometrics or other methods to log in instead of passwords.
With WebAuthn now being an official standard, it will hopefully be a matter of time until many more websites start implementing it.