If it’s the interwebs, then something must have changed since yesterday. Remember usernames and passwords? They are so 1999. The only problem is they’re still around and we use them every day. Bah humbug.
Is there a better way?
Well, password managers help us login to as many websites as we need and thanks to Touch ID and Face ID some of Apple’s customers can forget about even a single password to open the password manager app. For awhile.
Is there a better way?
Short of a brain scan, probably not, but the good folks who dream up standards for humankind have a new one. It’s called Web Authentication; already available on Firefox 60, and coming soon to Microsoft Edge and Chrome 67 and maybe one day to Safari. That pretty much covers humanity’s browser users, right?
The whole idea behind WebAuthn is simple. Increase security. Increase convenience.
You know. Like Touch ID and Face ID.
Technologically speaking, WebAuthn will generate cryptographic private-public pairs for a sign in to a website. That means if the site is hacked your username and login credentials won’t be valuable.
Not only is Firefox moving ahead quickly– faster than Google, Microsoft, and definitely faster than Apple– to implement WebAuthn, Dropbox is already there, too. So, when do we get to get rid of usernames and passwords?
A natural question is if we still need passwords too. Your credentials could be stored on a device like your phone, laptop, or security key, and services could use WebAuthn to sign in to your account after you scan your fingerprint or input a PIN on the device. There are still many security and usability factors to consider in these scenarios before replacing passwords entirely, and we believe that enabling WebAuthn for two-step verification strikes the right balance for most users right now.
Translation: “Not yet.”
Now do you see the beauty in Touch ID and Face ID? Apple gave us high security and high convenience. It’s also easy to see why Touch ID hasn’t made its way to many Macs. Face ID matured very fast and Apple made it scale to a hundred million iPhones, so we can expect the security technology to show up in future Macs, iPhones, and iPads.
It is unlikely Apple would skip WebAuthn to use only Face ID, and it would seem trivial to have WebAuthn integrate with Apple’s own technology, starting first with Safari, then Safari and other applications on Mac, iPhone, and iPad.
Are we about to embark upon a password free journey?
What we get is more and better of what we have already in Touch ID and Face ID. Higher security and higher convenience.