Passwords are pretty archaic. Unfortunately, despite the best efforts of companies including Google, Apple and Facebook, no one has figured out a uniform standard that would make it possible to do away with them entirely. Until, perhaps, now.
Photo: Sam Rutherford (Gizmodo)
A new credential system proposed by the W3C – the World Wide Web Consortium – could be what we need to kill off the password for good.
Per the w3c, the new Web Authentication specification details an “API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users”. In other words, this would be a universal system that could offer unique encryption keys for each user that could be accessed securely across every site, all in your standard web browser.
But the big upgrade is that, instead of being limited to a regular password, the API would also support the use of fingerprint readers, cameras and USB keys as a method of logging into your account. In fact, some potential use cases even include using the fingerprint reader on your phone to log into a website that you’re browsing on your laptop or desktop, which may not have its own fingerprint sensor.
While the new standard is currently listed as just a “Candidate Reccomendation”, the feature is already in use as an experimental technology in FireFox, with other browsers including Chrome and Edge expected to test the Web Authentication API later this year.
The sad part so far is that, despite input and contribution from companies such as Google, Microsoft, PayPal, Mozilla and Qualcomm, it doesn’t seem as though Apple is on board to help test or refine the tech. That’s a real shame, because even though wide-scale adoption is still a ways out, it would be nice if there was a secure, non-proprietary login platform that all the big tech companies could agree on.