Death of the password? New web standard trades passcodes for biometrics
The death of the password could be upon us.
A new security standard recently endorsed by the World Wide Web Consortium has experts excited about the prospect of making logins “unphishable” and ending the vulnerabilities that currently exist because so many users have poor “password hygiene” and reuse the same one across countless websites.
The Web Authentication (WebAuthn) standard developed collaboratively by members of the FIDO Alliance — which includes the likes of Amazon, Facebook, Google, Intel, Lenovo, Microsoft, PayPal, Samsung and Visa — allows web surfers to use biometrics such as fingerprints or facial scans instead of inputting a password. Plugging a compatible USB device into a computer can also be used to bypass password screens on participating websites.
“I don’t think the password will be killed tomorrow, or even within the next three to six months, or even year,” says Joni Brennan, president of the non-profit Digital ID and Authentication Council of Canada.