The World Wide Web Consortium (W3C) has come up with a new authentication standard for websites and soon all websites and services around the world should allow biometric authentication.
These are good news for those who no longer want to remember passwords and usernames for the many of accounts they have on all websites and service they’ve signed up for.
This is a new encrypted authentication system that eliminates the need to enter passwords from any PC or mobile terminal for any website or any other online services.
Users will be able to use this new authentication system either separately or together. For example, a user will still be able to use the password entry, and the use of the fingerprint is an additional authentication method.
For PCs, they do not need to have built-in fingerprint readers, and external fingerprint readers that can connect via USB can also be used. For mobile devices, most of them have fingerprint readers, so there will be no problem.
Taking into account that W3C uses the biometric authentication term, we assume that iPhone X users will also be able to authenticate with facial recognition.
In addition, you will be able to log in to websites on your PC using your smartphone. One of the W3C usage scenarios describes the following: a user can find on the “example.com” website, and he or she will also have the option of logging in with their phone. The user will then see a message like: Please complete this action on your phone. This can mean fingerprint, face detection, PIN entry, or any other authentication gestures. Then, on their phones, the users will get a notification on their phone that they are trying to log in to the “example.com” website, and will be given the opportunity to log in with the desired account, and after logging in, the user should see in the browser on their PC that login was successful and allowed to access to the website.
From what we understand from the W3C documentation, the encryption system used to protect biometric authentication methods will allow administrators to protect user authentication data even if a site is attacked by a hacker.
If a hacker can now steal usernames and passwords, in the case of encrypted data, the hacker will not be able to use the information obtained without the encryption keys generated only by the authenticators.
In short, W3C says that user data cannot be stolen by hackers. At least until this is proven wrong.
Certainly, this standard will also create controversy from those who are afraid of collecting personal data, fingerprints, and so on, but it remains to be seen how end-users will receive this new Web authentication method.