Mozilla’s Firefox 60 is the world’s first browser to give you password-free logins

“Mozilla has released Firefox 60 with support for a new option to sign in to websites without using a password,” Liam Tung reports for ZDNet. “That’s thanks to an emerging W3C standard called Web Authentication or WebAuthn, which is enabled by default in Firefox 60 and is coming later this month to Chrome 67, and Microsoft Edge. It’s also under consideration for Safari.”

“By removing passwords, the WebAuthn API will make phishing attacks a lot harder and gives users more convenient authentication choices, including hardware security key dongles such as a YubiKey device, fingerprint readers on smartphones, or facial-recognition systems like the iPhone X’s Face ID,” Tung reports. “A key advantage, like the FIDO Alliance’s predecessor U2F standard for security keys, is that WebAuthn generates cryptographic public-private pairs for signing in, which means no shared secrets that could be leaked if a site is hacked.”

“Though the standard is currently only rolling out to desktop browsers, in future mobile browsers are likely to support it too,” Tung reports. “As it stands, Firefox for the desktop is the first browser to support WebAuthn. According to Mozilla, WebAuthn currently supports security keys like Yubico when plugged into a USB port, but in future it will enable biometric login from mobile devices following a notification issued by a website, so long as the site also supports WebAuthn.”

Read more in the full article here.

MacDailyNews Take: We’ll wait for it to come to Safari and, in particular, work with Face ID, thanks.

17 Comments

    1. Yes it would be if keychain were reliable but unfortunately like so many things Apple these days it is not. My keychain saved passwords have already been completely screwed up twice this year. Very sad Apple

      1. Agreed. Keychain is VERY unreliable, especially on the iPhone. I can’t count how many times I have had to reset passwords because Keychain failed to work on my iPhone. Too many!

        That’s the typical lack of quality I have come to expect from Tim Cook’s Apple. The man simply does not care about attention to detail. Things used to work. Now they don’t and it shows. All the time.

    1. My only troubles have been fairly obscure:

      • Having to remove old passwords from Keychain after I’ve changed them.

      • Having to DIY remove approval of System Root Certificate Authorities (CAs) that have screwed over the Internet. As ever, I wish Apple was faster at responding to security threats. (Example: StartCom. Coming up: incompetent Symantec).

  1. I really like the IDEA of Keychain, and it works, sometimes. Seems to be good enough for Apple lately…not for me. I’ve still never spent my lucres on anything computer but Apple, but if, IF, I ever found anything I thought was better, I’d be gone in a NYC second.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.