Mozilla has released its new browser, Firefox 60, which supports password-free logins to websites using Web Authentication API.
The browser comes with the Web Authentication or WebAuthn enabled by default. With the WebAuthn API, users will be able to use authentication keys such as YubiKey, fingerprint readers or facial-recognition features on smartphones, and such for logging into websites rather than passwords.
For now, WebAuthn supports security keys like Yubico but in future will also support mobile authentication using notifications from supporting websites.
“This resolves significant security problems related to phishing, data breaches, and attacks against SMS texts or other second-factor authentication methods while at the same time significantly increasing ease of use (since users don’t have to manage dozens of increasingly complicated passwords),” Mozilla wrote.
Some are saying that this will replace passwords entirely, but for now it is being used as an extra layer of protection for users. In support of the same, Dropbox this week introduced WebAuthn login support as well.
“Your credentials could be stored on a device like your phone, laptop, or security key, and services could use WebAuthn to sign in to your account after you scan your fingerprint or input a PIN on the device,” wrote Dropbox programmer Brad Girardeau in a blogpost. “There are still many security and usability factors to consider in these scenarios before replacing passwords entirely, and we believe that enabling WebAuthn for two-step verification strikes the right balance for most users right now.”
WebAuthn is also expected to be seen in Chrome 67 and Microsoft Edge.