W3C and FIDO Alliance finalize web standard for secure, password-less logins

The World Wide Web Consortium (W3C) and the FIDO Alliance have announced the Web Authentication specification is now an official web standard. This advancement is a major step forward in making the web more secure and usable for users around the world.

W3C’s WebAuthn Recommendation is a core component of the FIDO Alliance’s FIDO2 set of specifications and is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10, Android, and Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) Web browsers. WebAuthn allows users to log into their internet accounts using their preferred device.

Web services and apps should turn on this functionality to give their users the option to log in more easily via biometrics. With FIDO2 and WebAuthn, the global technology community has come together to provide a shared solution to the shared password problem. FIDO2 addresses all the issues with traditional authentication including security, convenience, privacy, and Scalability. FIDO Alliance has provided testing tools for those who wish to get started and launched a certification program.

Jeff Jaffe, W3C CEO said:

Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences. W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.

Brett McDowell, executive director of the FIDO Alliance said:

Web Authentication as an official web standard is the pinnacle of many years of industry collaboration to develop a practical solution for stronger authentication on the web. With this milestone, we’re moving into a new era of ubiquitous, hardware-backed FIDO Authentication protection for everyone using the internet.