“By removing passwords, the WebAuthn API will make phishing attacks a lot harder and gives users more convenient authentication choices, including hardware security key dongles such as a YubiKey device, fingerprint readers on smartphones, or facial-recognition systems like the iPhone X’s Face ID,” Tung reports. “A key advantage, like the FIDO Alliance’s predecessor U2F standard for security keys, is that WebAuthn generates cryptographic public-private pairs for signing in, which means no shared secrets that could be leaked if a site is hacked.”
“Though the standard is currently only rolling out to desktop browsers, in future mobile browsers are likely to support it too,” Tung reports. “As it stands, Firefox for the desktop is the first browser to support WebAuthn. According to Mozilla, WebAuthn currently supports security keys like Yubico when plugged into a USB port, but in future it will enable biometric login from mobile devices following a notification issued by a website, so long as the site also supports WebAuthn.”
Read more in the full article here.
MacDailyNews Take: We’ll wait for it to come to Safari and, in particular, work with Face ID, thanks.