W3C authorises WebAuthn standard for password-less authentication

WebAuthn standard enables logins via biometrics, USB keys, mobile phones and smartwatches

The Worldwide Web Consortium (W3C) and the FIDO Alliance have officially approved the Web Authentication or WebAuthn standard for password-less authentication.

WebAuthn provides a technical standard for authenticating users with biometrics, USB keys, mobile phones or smartwatches, rather than user names and passwords.

The aim of the standard is to reduce the risk of credential theft because login authentication comes via hardware or physical inputs, rather than an easily cribbed or cracked passcode.

"Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences," said Jeff Jaffe, W3C CEO.

"W3C's Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site."

You may already be using WebAuthn as it's supported in Windows 10, Android and the Edge, Chrome, Firefox and Safari web browsers. This means the main browsers and the largest operating systems in the world support WebAuthn, and the W3C approval is largely a formality.

But the next step is getting websites to support the authentication standard, which judging by the clunkiness of some sites and a lack of adoption of the latest security protocols, could mean WebAuthn takes a while to get slipped into various web services.

Making WebAuthn an official standard might help give the adoption a boost, but it will probably take some time for it to become genuinely ubiquitous.

The AI and Machine Learning Awards are coming! In July this year, Computing will be recognising the best work in AI and machine learning across the UK. Do you have research or a project that you think deserves wider recognition? Enter the awards today - entry is free.