Skip to main content

The web just took a big step toward a password-free future

The web just took a big step toward a password-free future

/

WebAuthn is here to kill the password

Share this story

An image showing a lock made up of binary code
Illustration by Alex Castro / The Verge

Today, the World Wide Web Consortium (W3C) approved WebAuthn, a new authentication standard that aims to replace the password as a way of securing your online accounts. First announced last year, WebAuthn (which stands for Web Authentication) is already supported by most browsers, including Chrome, Firefox, Edge, and Safari. Its publication as an official web standard should pave the way for wider adoption by individual websites.

At its core, WebAuthn is an API that allows websites to communicate with a security device to let a user log into their service. This security device can range from a FIDO security key that you simply plug into a USB port on your computer to a more complex biometric device that allows for an additional level of verification. The important thing is that WebAuthn is more secure than the weak passwords people end up using for most websites, and it’s simpler than having to remember a string of characters in the first place.

Now that the standard has been approved by the W3C, the next step is for websites to integrate the standard. Dropbox was one of the first to do so last year, and Microsoft did so soon after. The password isn’t on its last legs just yet, but after today’s announcement, WebAuthn is one step closer to being a viable alternative.