新式在线身份认证或将终结密码的使用
A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use.
一种新的网络标准或将终结密码的使用,用户不再需要记住登录每个网站和个人设备的账号信息。
The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam.
Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.
"WebAuthn will change the way that people access the Web," said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.
One example of how WebAuthn will work is that when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.
WebAuthn promises to protect users against phishing attacks and the use of stolen credentials as there will be nothing to steal, the authentication token is generated and used once by their specific device each time the user logs in.