Video: New Google Chrome filter will only eliminate the most annoying ads
Chrome, Edge, and Firefox will support a new Web Authentication API that should give more protection against phishing and reduce the need for passwords.
The WC3 Web Authentication API specification, or WebAuthn, promises a simpler and safer way of signing up to a site. Rather than register with a username and password, the user registers a fingerprint, retina, or other biometric stored in a smartphone.
The system relies on public-key cryptography and ensures that each site a user signs up to has its own key pairs, addressing the common problem of password reuse.
Chrome 67 and Firefox 60 will ship with the WebAuthn API enabled by default when they reach stable release in May.
Once this API is available, a person could visit a site on a laptop, hit the sign-up button, and then receive a prompt on a smartphone asking the user to register.
The registrant needs to provide an 'authorization gesture', which could be a PIN or a fingerprint that then becomes linked to that account. In future, the individual will be able to sign in again with the same gesture.
See also: Password management policy
The API would allow application developers to offer the type of sign-in processes that Google and Microsoft have rolled-out for their respective users.
As Duo Security's Nick Steele recently noted, the WebAuthn spec draws on the FIDO Alliance's earlier standard called UAF or Universal Authentication Factor, but has a number of technical advantages and, more important for its long-term prospects, has backing from Google, Microsoft, and Mozilla.
The specification in January moved to the Candidate Recommendation (CR) stage of approval as a standard.
Although Apple's Safari browser doesn't currently support WebAuthn, it has several staff on the Web Authentication working group.
Previous and related coverage
Google now blocks uncertified Android devices from using its core apps
Google closes a loophole that allowed uncertified devices to skip its compatibility tests.
Snooping on HTTPS is about to get harder: TLS 1.3 internet encryption wins approval
The latest version of the protocol for HTTPS secure connections gets green light from the IETF.
Firefox in 2018: We'll tackle bad ads, breach alerts, autoplay video, says Mozilla
Firefox could get its own ad blocker and breach notifications alerts, according to Mozilla's 2018 roadmap.
Passport name out, Hello anchors Windows 10 MFA platform
Windows 10 Anniversary Update showcases evolution of Microsoft's multi-factor authentication efforts
Why passwords are a terrible method of authentication (TechRepublic)
BioCatch's VP Frances Zelazny explains how biometric security could soon replace passwords.