Video: New Google Chrome filter will only eliminate the most annoying ads
This ebook, based on the latest ZDNet/TechRepublic special feature, offers a detailed look at how to build risk management policies to protect your critical digital assets.
Chrome, Edge, and Firefox will support a new Web Authentication API that should give more protection against phishing and reduce the need for passwords.
The WC3 Web Authentication API specification, or WebAuthn, promises a simpler and safer way of signing up to a site. Rather than register with a username and password, the user registers a fingerprint, retina, or other biometric stored in a smartphone.
The system relies on public-key cryptography and ensures that each site a user signs up to has its own key pairs, addressing the common problem of password reuse.
Once this API is available, a person could visit a site on a laptop, hit the sign-up button, and then receive a prompt on a smartphone asking the user to register.
The registrant needs to provide an ‘authorization gesture’, which could be a PIN or a fingerprint that then becomes linked to that account. In future, the individual will be able to sign in again with the same gesture.
See also: Password management policy
The API would allow application developers to offer the type of sign-in processes that Google and Microsoft have rolled-out for their respective users.
As Duo Security’s Nick Steele recently noted, the WebAuthn spec draws on the FIDO Alliance’s earlier standard called UAF or Universal Authentication Factor, but has a number of technical advantages and, more important for its long-term prospects, has backing from Google, Microsoft, and Mozilla.
The specification in January moved to the Candidate Recommendation (CR) stage of approval as a standard.
Although Apple’s Safari browser doesn’t currently support WebAuthn, it has several staff on the Web Authentication working group.
Previous and related coverage
Google closes a loophole that allowed uncertified devices to skip its compatibility tests.
The latest version of the protocol for HTTPS secure connections gets green light from the IETF.
Firefox could get its own ad blocker and breach notifications alerts, according to Mozilla’s 2018 roadmap.
Windows 10 Anniversary Update showcases evolution of Microsoft’s multi-factor authentication efforts
Why passwords are a terrible method of authentication (TechRepublic)
BioCatch’s VP Frances Zelazny explains how biometric security could soon replace passwords.