{"id":160319,"date":"2018-04-17T06:42:14","date_gmt":"2018-04-17T10:42:14","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=160319"},"modified":"2018-04-17T06:42:14","modified_gmt":"2018-04-17T10:42:14","slug":"death-of-the-password-new-web-standard-trades-passcodes-for-biometrics","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2018\/04\/17\/death-of-the-password-new-web-standard-trades-passcodes-for-biometrics\/","title":{"rendered":"Death of the password? New web standard trades passcodes for biometrics"},"content":{"rendered":"<figure id=\"attachment_160326\" aria-describedby=\"caption-attachment-160326\" style=\"width: 960px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2018\/04\/password.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-160326\" src=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2018\/04\/password.jpg\" alt=\"A new security standard recently endorsed by the World Wide Web Consortium has experts excited about the prospect of making logins \u201cunphishable\u201d and ending the vulnerabilities that currently exist because so many users have poor \u201cpassword hygiene\u201d and reuse the same one across countless websites. (Pixabay photo)\" width=\"960\" height=\"640\" srcset=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2018\/04\/password.jpg 960w, https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2018\/04\/password-300x200.jpg 300w, https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2018\/04\/password-768x512.jpg 768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/a><figcaption id=\"caption-attachment-160326\" class=\"wp-caption-text\">A new security standard recently endorsed by the World Wide Web Consortium has experts excited about the prospect of making logins \u201cunphishable\u201d and ending the vulnerabilities that currently exist because so many users have poor \u201cpassword hygiene\u201d and reuse the same one across countless websites. (Pixabay photo)<\/figcaption><\/figure>\n<p>The death of the password could be upon us.<\/p>\n<p>A new security standard recently endorsed by the World Wide Web Consortium has experts excited about the prospect of making logins \u201cunphishable\u201d and ending the vulnerabilities that currently exist because so many users have poor \u201cpassword hygiene\u201d and reuse the same one across countless websites.<\/p>\n<p>The Web Authentication (WebAuthn) standard developed collaboratively by members of the FIDO Alliance \u2014 which includes the likes of Amazon, Facebook, Google, Intel, Lenovo, Microsoft, PayPal, Samsung and Visa \u2014 allows web surfers to use biometrics such as fingerprints or facial scans instead of inputting a password. Plugging a compatible USB device into a computer can also be used to bypass password screens on participating websites.<\/p>\n<p>\u201cI don&#8217;t think the password will be killed tomorrow, or even within the next three to six months, or even year,\u201d says Joni Brennan, president of the non-profit Digital ID and Authentication Council of Canada.<\/p>\n<p>\u201cBut there&#8217;s a shift and a journey that needs to happen and to finally move past having so many passwords and ideally not having passwords at some point \u2014 this I think is a really key step.\u201d<\/p>\n<p>Mozilla&#8217;s Firefox browser has already implemented the technology while Google and Microsoft have also committed to updating their browsers.<\/p>\n<p>Users who adopt the new standard will basically be upgrading to a level of security used for protecting state secrets, says Vancouver native John Bradley, standards architect for the security hardware company Yubico, a board member of the FIDO Alliance.<\/p>\n<p>\u201cEssentially you&#8217;re moving people from being able to do remote attacks to phish you to actually having to break into your house and steal your phone &#8230; and extract your pin from you at gunpoint. It significantly raises the bar,\u201d says Bradley, who predicts some popular websites may start offering the new type of login within a couple of months.<\/p>\n<p>He says security experts call the login method \u201cunphishable\u201d because there&#8217;s no indication yet that hackers could compromise it.<\/p>\n<p>\u201cSo people would have to move onto other social-engineering schemes,\u201d he explains.<\/p>\n<p>\u201cBut there isn&#8217;t something you could tell someone over the phone if (a scammer) called you up&#8230; there isn&#8217;t anything the user can actually disclose to somebody else (to reveal their login), so it makes it very difficult for the attackers. I&#8217;m sure they&#8217;ll come up with some other scheme to keep security people in business, but this would cut off what&#8217;s becoming a major pain in the neck for people.\u201d<\/p>\n<p>Bradley notes that users who choose to use biometrics as an unlocking mechanism needn&#8217;t worry about their fingerprints being handed over to websites they visit. Biometrics are not uploaded during the login process and are not stored on the user&#8217;s device.<\/p>\n<p>\u201cAll the biometrics are local to the device, so you&#8217;re not sending your fingerprint to the website \u2014 that would be a bad thing from a privacy perspective,\u201d he says.<\/p>\n<p>Brennan expects some people might be nervous about using their biometrics routinely for logging in online and fear they&#8217;ll be misused. She admits it took her a while to warm to Apple&#8217;s Touch ID fingerprint technology on its devices.<\/p>\n<p>\u201cOver time I saw there was a convenience there and I was able to learn what was happening,\u201d she says.<\/p>\n<p>\u201cThat was a personal decision.\u201d<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The death of the password could be upon us. A new security standard recently endorsed by the World Wide Web &hellip;<\/p>\n","protected":false},"author":33,"featured_media":160326,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[4018,49782,49783],"class_list":["post-160319","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technology","tag-biometrics","tag-password","tag-world-wide-web-consortium","mauthors-michael-oliveira","mauthors-the-canadian-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/160319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=160319"}],"version-history":[{"count":0,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/160319\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/160326"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=160319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=160319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=160319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}