W3C launching new open authentication standard for the Internet
Passwords are quickly becoming an archaic creation in the minds of many a security researcher. There’re definitely better, more secure and easier to use ways to authenticate yourself and login to your favorite sites. The World Wide Web Consortium (W3C) wants to change with a new open standard to help make the Internet just a little bit more secure. And not too terribly more complicated either.
The password itself is usually the weakest link in any secure system. Most people don’t want to put int the required effort to create a properly complex password, or they don’t follow proper password etiquette and change them, substantially enough, at regular intervals. And really, who wants to have a super long password anyway. Sometimes even strong passwords get exposed and added to rainbow tables, rendering them absolutely useless anyway. So what does one do?
Make multi-factor authentication a thing, and a common, easy to use thing at that. That’s what the W3C intends to do with their FIDO 2.0 based authentication standard. They want to make an API easy for web developers to implement that can allow for many different types of authentication.
The FIDO framework is pretty flexible framework, letting you use a combination of password-based and passwordless based Want to use your fingerprint, or maybe even integrate Windows Hello and have your pretty face be the method for logging into something? Sure! What about using other biometrics plus a password plus a PIN? That would be uber-secure, and also quite possible.
“Our goal is to raise the entire Open Web Platform to a higher standard of security and to collaborate with industry, academic experts, and other standards organizations to ensure that specific Web security needs are met,” said Dr. Jeff Jaffe CEO of W3C. “We invite broad participation to work together on this top priority to keep the Web as secure as possible today and in the foreseeable future.”