W3C places its bet on encryption, disavows passwords

Feb 17, 2016 22:05 GMT
W3C starts new working group, expanding the efforts for the FIDO Alliance

Today, the World Wide Web Consortium (W3C) announced the creation of a new working group tasked with standardizing a new Web authentication mechanism that can work alongside, or even replace, classic username-password combos.

The newly formed Web Authentication Working Group will have to create a universal authentication system that revolves around strong, open cryptography.

This new system will have to be strong enough but also easy to implement, to convince webmasters to use it as an alternative and then as a replacement for today's practice of using usernames and passwords for authenticating users.

While passwords do provide a great deal of protection, the human element often weakens their ability to safeguard data. Password reuse and weak password strings allow attackers to retrieve passwords even from a hashed format.

Because of this, in 2013, PayPal and Lenovo started a new open initiative called the FIDO (Fast IDentity Online) Alliance. With time, other companies joined, such as Alibaba, Bank of America, Google, Intel, ING, MasterCard, Microsoft, Qualcomm, RSA, Samsung, Visa, and many others.

FIDO Alliance has already done all the heavy lifting

For the past two years, this group has been quietly working on a new set of APIs that will make it easier to authenticate users with passwordless solutions. Their API was specifically crafted to work across different browsers and has a pluggable architecture.

Currently, the FIDO 2.0 Web APIs allow developers to authenticate users via biometrics (voice, eye, fingerprint) and encryption-based solutions (portable USB dongles with an encryption key), but other solutions can be plugged in when they arise.

In November 2015, the FIDO Alliance donated this API to the W3C, which has now announced it plans to use it as the base of its upcoming Web Authentication API.

"Our mission is to revolutionize authentication on the Web through the development and global adoption of technical specifications that supplant the world's dependency on passwords with interoperable strong authentication," said Brett McDowell, executive director of the FIDO Alliance. "With W3C's acceptance of the FIDO 2.0 submission, and the chartering of this new Web Authentication Working Group, we are well on our way to accomplishing that mission."

Principles behind the FIDO 2.0 Web APIs