The death of the passwords?

By Cameron Abbott and Allison Wallace

While the recent Facebook saga has underlined the fact that using a password to protect your data doesn’t mean it won’t be improperly accessed, we have become used to needing to create, remember and use passwords in most aspects of our digital lives.

But the humble letter/number/symbol combination may soon be a thing of the past, with a new web standard – the Web Authentication (WebAuthn) – expected to be issued soon.

If approved, WebAuthn will replace the password with either biometrics or devices like smartphones, security keys or webcams that communicate with the website via Bluetooth, USB or near-field communication (NFC).

WebAuthn is at the candidate recommendation stage in front of the World Wide Web Consortium (W3C) – the body that develops web standards – which is the final step before it becomes an approved standard.

The new standard has ambitions of reducing the incidences of the theft and use of credentials, and protection against phishing attacks. By its nature, it will also help people use unique logins across the online services they use.  Most people use the same login details across multiple websites and the new standard will therefore reduce vulnerability to attacks.

While sites like Google and  Facebook already offer users the option to use similar methods to WebAuthn for logging in, once W3C approves it as a standard, many more sites and services will be able to put a stake in passwords as a login method.

We’ll keep you posted on any further developments.


Copyright © 2024, K&L Gates LLP. All Rights Reserved.