Web Authentication Arrives To Microsoft Edge Browser

Username-password combination is the most common way to protect an account. But when we have just too many of them, things can be difficult.

In an attempt to embrace the 'passwordless" online world, Microsoft is having a go with its Edge browser, allowing users to securely sign in into websites without having to remember their passwords. To do this, the company announced its support for the Web Authentication specification in the browser.

Web Authentication here, is an open standard for passwordless authentication.

This feature essentially enables Microsoft Edge users to sign in to websites using Windows Hello, an alternative way to sign in using a fingerprint, iris scan or facial recognition. Or, they can use strong public-key credentials like a PIN or portable FIDO2 devices.

The company has also discussed how the APIs could be used for approving a payment on the web with users' face.

Using Windows Hello face recognition, Microsoft Edge users can sign in and pay for things on websites that support Web Authentication

"Staying secure on the web is more important than ever. We trust websites to process credit card numbers, save addresses and personal information, and even to handle sensitive records like medical information. All this data is protected by an ancient security model—the password. But passwords are difficult to remember, and are fundamentally insecure—often re-used, and vulnerable to phishing and cracking."

This technology is relatively new, so It should take a while before many websites on the web get on board. But to make sure that the ambition comes to a reality, Microsoft said that it's "working with industry partners on lighting up the first passwordless experiences around the web."

The company has also made it simple for websites to utilize backwards compatibility with external FIDO U2F security devices.

Username-password may still be the primary way for users to sign in into their accounts. But as many online services require users to sign in before doing anything, remembering that many passwords have become a burden.

What's more, passwords can be hacked in one way or the other. And a hard-to-guess password tends to also be hard to memorize, easy to forget, and still susceptible to phishing and cracking. It's also regarded as an outdated security model in the modern days of the internet.

One solution that takes user sign in to the next level, is using biometrics for authentication.

Since every human is unique, biometric system uses biological information about a person to identify that person. This should be good enough move towards a world without passwords. External FIDO2 security keys also work for authentication with a removable device and the users' biometrics or PIN.

Microsoft started this journey in 2016, when the company shipped its implementation of the Web Authentication API in Microsoft Edge. After working with other vendors and the FIDO alliance to develop the standard, the FIDO Alliance announced that the Web Authentication APIs have reached the Candidate Recommendation (CR) status in the W3C.

With this maturity and interoperability of the specification, Microsoft Edge is ready for the technology starting with build 17723.

Published:

01/08/2018