Passwords are kind of a pain. You probably have sign-in credentials for about a million services, and ideally, they're all different. Password managers can help, but they're often finicky. A new standard by the FIDO Alliance and the World Wide Web Consortium (W3C) called Web Authentication API could simplify your digital life by allowing for password-free sign-ins across a wide variety of websites.

Instead of entering a password, users use their phone's registered unlock method, be it PIN, pattern, or fingerprint. A paper on the project by the W3C is publicly available, if you want to read about it in-depth. It's dense. In a nutshell, when signing in using the new standard, you enter your email address or username and choose a "Sign in with your phone" option. You're then prompted on your phone to complete the sign-in process. The process is a lot like the two-factor authentication you're (hopefully) already using, but without the use of a password.

The W3C explains the user experience like this:

  • On a laptop or desktop:
    • User navigates to example.com in a browser, sees an option to "Sign in with your phone."
    • User chooses this option and gets a message from the browser, "Please complete this action on your phone."
  • Next, on their phone:
    • User sees a discrete prompt or notification, "Sign in to example.com."
    • User selects this prompt / notification.
    • User is shown a list of their example.com identities, e.g., "Sign in as Alice / Sign in as Bob."
    • User picks an identity, is prompted for an authorization gesture (PIN, biometric, etc.) and provides this.
  • Now, back on the laptop:
    • Web page shows that the selected user is signed in, and navigates to the signed-in page.

The process might not seem practical for some use cases, but it would be handy for logging in on a computer that isn't yours, like at a library or a computer lab. Engadget reports that the standard "is useful right now" in Mozilla Firefox and is coming "in the next few months" to Chrome and Microsoft Edge.

UPDATE: 2018/05/30 6:34pm PDT BY

Chrome 67 is now rolling out on the desktop, with the Web Authentication API included. We'll have a full post about the changes in Chrome 67 once it becomes available for Android.

Source: World Wide Web Consortium

Via: Engadget