New authentication standard could let you ditch passwords across the web

When it comes to security for online accounts, the weakest link usually comes down to your password. However, the FIDO Alliance and the World Wide Web Consortium (W3C), both organizations that are behind the proliferation of open standards, are ready to make using passwords online a thing of the past.

In a joint announcement today (via The Verge), W3C and the FIDO Alliance announced a new web authentication standard, called WebAuthn, that will let people use biometrics and USB tokens, like YubiKey, with web logins.

While some online services already support logins with these methods, WebAuthn will give browsers and services a common open standard to build off of. This could allow sites to leverage things like fingerprint readers and cameras in place of, or in addition to, your password to log in.

"With Web Authentication, we're giving people using Firefox the opportunity to add another layer of security to their browsing experience," said Selena Deckelmann, who is Senior Director of Engineering for Firefox Runtime at Mozilla. "Giving people greater control over how they manage their security online and making the internet safer is central to Mozilla's mission to keep the web open and accessible to all."

In terms of implementation, WebAuthn is already supported in the latest version of Firefox. Google and Microsoft are also working to implement the standard in Chrome and Edge.

As with anything, there's no guarantee that WebAuthn will be foolproof. However, in a time where it feels like you can't go a week without hearing about a data breach, taking a step toward replacing passwords with something potentially more secure is welcome.