Browse cities

The World Wide Web Consortium (W3C) is putting cybersecurity on its radar. It has announced that it is launching a new working group designed to standardize Web authentication and provide a more secure and flexible solution to password-based logins.

“Every other week you see news of a password leak or data leak from another major site, and as a user of the Web, every place you go you are asked to log in with a username and password,” said Wendy Seltzer, technology and society domain lead for the W3C. “That is difficult to manage on the user side, and not the best we can do in security.”

The new Web Authentication Working Group will work on creating a Web-wide standard that provides strong authentication without relying on a password. According to the organization, even strong passwords are susceptible to phishing attacks, database breaches and other hack attacks.

“When strong authentication is easy to deploy, we make the Web safer for daily use, personal and commercial,” said Tim Berners-Lee, director of the W3C. “With the scope and frequency of attacks increasing, it is imperative for W3C to develop new standards and best practices for increased security on the Web.” The W3C’s work will be supplemented with the FIDO Alliance’s FIDO 2.0 Web APIs. According to Seltzer, FIDO has already had success developing its own multi-factor authentication, and its APIs will help the working group ensure standards-based strong authentication across all browsers and related infrastructure. “Our mission is to revolutionize authentication on the Web through the development and global adoption of technical specifications that supplants the world’s dependency on passwords with interoperable strong authentication,” said Brett McDowell, executive director of the FIDO Alliance.

“With W3C’s acceptance of the FIDO 2.0 submission, and the chartering of this new Web Authentication Working Group, we are well on our way to accomplishing that mission.” In addition, the working group will complement prior work on the Web Cryptography API and Web application security specifications. “We’ve seen much better authentication methods than passwords, yet too many websites still use password-based logins,” said Seltzer.

“Standard Web APIs will make consistent implementations work across the Web ecosystem. The new approach will replace passwords with more secure ways of logging into websites, such as using a USB key or activating a smartphone. Strong authentication is useful to any Web application that wants to maintain an ongoing relationship with users.” The Web Authentication Working Group’s first meeting will take place on March 4 in San Francisco.

Source: http://sdtimes.com

Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

Apigee Edge Microgateway: Why Would You Want to Use It and When Should You? 10 Typical Use Cases
So you're evaluating and comparing all the available solutions for centralizing and standardizing your APIs. And… (Read more)
Adriana Cacoveanu / Jan 17 '2020
Drupal 8 Media Library: Simplify The Way You Embed Media (2 Significant Improvements in Drupal 8.8)
Powerful, full-featured media handling in Drupal. This has been your, our, and all the content authors and Drupal… (Read more)
Adriana Cacoveanu / Jan 15 '2020
OPTASY Favorites: 5 Drupal Blog Posts that We Loved in December
We must have been some very well-behaved kids developers, judging by the big pile of great Drupal blog posts that… (Read more)
Adriana Cacoveanu / Dec 20 '2019