WebAuthn API for traditional password replacement is approved
The World Wide Web Consortium, better known as W3C, officially approved the WebAuthn API on Monday. It is a web standard that should remove the need for passwords by authenticating with different methods and devices.
The W3C says that Web Authentication, or WebAuthn for short, is an official standard that is a big step forward in making the web more secure. The standard is already supported by Windows 10 and Android, and by the browsers Chrome, Firefox and Edge and a preview version of Safari.
WebAuthn allows users to log in to their Internet accounts via a device of their choice. Internet services and apps can use this functionality by allowing users to easily log in via, for example, biometrics, a registered phone, cameras or fingerprint scanners.
The W3C specification is an API that addresses a number of different usage scenarios, such as authentication using a registered phone. When visiting a website on a PC, for example, users can log in with their phone. They then receive a notification on the smartphone, after which the login process can be completed with a PIN code or a fingerprint.
The idea of WebAuthn is that authentication is based on public key cryptography, with the keys stored on the authenticator. Compared to traditional passwords, this should offer better protection against phishing. It should also prevent malicious parties from using leaked login information and make it easier to thwart man-in-the-middle attacks.
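The checks behind those three claims can be shown with a simplified relying-party verifier. This is an added example, not code from the article or from the W3C or FIDO; the helper names and the `login.example` origins are assumptions, and CBOR parsing and attestation are left out.

```javascript
// Added illustration: relying-party checks on a WebAuthn login assertion.
// Origins, keys and challenges are constructed sample values.
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Hypothetical stand-in for browser + authenticator; the private key never leaves it.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  // The browser, not the page, writes the origin into clientDataJSON.
  const getAssertion = (origin, rpId, challenge) => {
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    // authenticatorData = SHA-256(rpId) | flags (0x01: user present) | signCount
    const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([1, 0, 0, 0, 1])]);
    const signature = nodeCrypto.sign("sha256",
      Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authenticatorData, signature };
  };
  return { publicKey, getAssertion };
}

// Server side: holds only the public key, its own origin/RP ID and the issued challenge.
function verifyAssertion(a, rp, challenge) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== challenge.toString("base64url")) return "challenge mismatch";
  if (client.origin !== rp.origin) return "origin mismatch";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(rp.rpId))) return "rpId mismatch";
  if (!(a.authenticatorData[32] & 0x01)) return "user not present";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, rp.publicKey, a.signature) ? "ok" : "bad signature";
}

function runScenarios() {
  const user = makeAuthenticator();
  const rp = { origin: "https://login.example", rpId: "login.example", publicKey: user.publicKey };
  const challenge = nodeCrypto.randomBytes(32);
  const genuine = user.getAssertion(rp.origin, rp.rpId, challenge);
  // Same user and key, but the browser was on a look-alike site (constructed name).
  const lookalike = user.getAssertion("https://login.example.test", "login.example.test", challenge);
  // A copy of the server's records yields the public key only, so a forgery uses another key.
  const forged = makeAuthenticator().getAssertion(rp.origin, rp.rpId, challenge);
  return {
    genuine: verifyAssertion(genuine, rp, challenge),
    lookalike: verifyAssertion(lookalike, rp, challenge),
    forged: verifyAssertion(forged, rp, challenge),
    replayed: verifyAssertion(genuine, rp, nodeCrypto.randomBytes(32)), // old assertion, new challenge
  };
}
console.log(runScenarios());
```

Only the assertion produced on the real origin, for the current challenge, with the registered key is accepted; the other three fail at the origin, signature and challenge checks respectively.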
The standard was created through a collaboration between the FIDO Alliance and the W3C. The former was founded in 2012 to create an open, interoperable and scalable set of mechanisms to enable online authentication and password replacement.