Biometric methods of user authorization have both their supporters and opponents. However, currently available fingerprint scanners are so precise that many specialists consider them to be safe and reliable solutions. Such methods will soon be used to log in to websites. The W3C organization and FIDO Alliance are working on the Web Authentication standard, which is not only to provide convenience, but also to improve the security of our data.
We all know that people are lazy about inventing passwords. More and more websites require us to set up an account, and we are unable to remember the different passwords for all our websites. Most users do not use password managers. That’s why a lot of people use the same password on many websites. This is a very dangerous practice, because the leakage of data from one website allows criminals to break into other websites. That’s why FIDO and W3C are working on a standard that will allow us to log in on websites using fingerprints, tokens or systems that recognize the user’s face. Work on the new standard is already very advanced.
The Web Authentication API has already been implemented in the Mozilla Firefox browser
Web Authentication Both Google and Microsoft announced that within a few months they will introduce Web Authentication in their browsers. Opera also declared itself to implement the new solution. Perhaps it will also be in Safari, but Apple may be stubborn when integrating the Touch ID and Face ID with the solution developed by FIDO Alliance.
What is the new solution? User authorization is done by means of operations performed using a pair of keys. During registration, the user’s authentication device sends its public key to the server. It can be stolen by hackers, but it does not pose any threat. During the next login, the server sends an authorization request. In turn, the user’s device generates a response that is generated based on the private key and other data (it can be a time stamp). Of course, the correct recognition of the user identify is required first (it can be, for example, a fingerprint). As you can see, the solution proposed by W3C and FIDO is almost ready. Now we only have to wait for implementations in particular browsers and popular websites.