Microsoft Edge gets Web Authentication specification support
You should now be able to sign into websites on Edge using your face, fingerprint, a PIN, or a FIDO 2 security key.
Microsoft announced today support for the Web Authentication specification in its Edge browser, helping bolster security and making it easier to sign in without having to remember long, random passwords. From Microsoft:
This new feature, which is available starting with Windows 10 Insider Preview build 17723 or higher, is centered around the hardware used with Windows Hello, like IR cameras and fingerprint readers, to log you into websites with hardly any hesitation.
In addition to being able to use your face or fingerprint to authenticate, you'll be able to use a PIN or external FIDO2 security key, and any websites unprepared for a passwordless future can take advantage of backward compatibility with FIDO U2F external devices.
Related: Windows Hello adding support for FIDO2 Security Keys
Those of you with build 17723 or higher can give this feature a try now, and anyone interested in using the Web Authentication API on their own websites can check out further documentation from Microsoft (opens in new tab) involving implementation.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Cale Hunt is formerly a Senior Editor at Windows Central. He focuses mainly on laptop reviews, news, and accessory coverage. He's been reviewing laptops and accessories full-time since 2016, with hundreds of reviews published for Windows Central. He is an avid PC gamer and multi-platform user, and spends most of his time either tinkering with or writing about tech.
This Edge implementation (which is standard and hopefully coming everywhere - I think Chrome and Safari already have it) is arguably much better because it takes the password out of the equation - and that's what's making it secure - because passwords can be cracked and phished and are often reused.
Samsung's current implementation probably isn't any more secure than anything else because if you can sign-in to the phone, you can get through the browser. Still, it's something.
The only thing is independent updates require Microsoft to maintain much more support and testing for all Edge configurations (i.e. Edge 19 on Windows 10 1703, Edge 17 on Windows 10 1709 etc.). It's probably a convenience thing for them because now they only have to test Edge with the corresponding Windows version - and trust me, when the whole SDK depends on it, it's so much harder than it sounds. Edit: What's a little easier is separating Edge and EdgeHTML (at least it sounds so to me). They should be able to update just the "box" of the browser which includes changes like PDF tools etc. that were added in a recent build. That should be independent of Windows version.
I read the article that was linked to in that sentence, and still do not understand this sentence. Would someone mind explaining it to me?