W3C Aims to Replace Passwords with Crypto-Authentication

Web standards developer W3C has launched a Web Authentication effort aimed at replacing the use of passwords for log-ins with more secure authentication methods.

W3C, the World Wide Web Consortium, wants to enable cryptographic operations in place of password exchanges. Passwords are "too often forgotten or set to weak, and easily-guessed combinations," it said in a Feb. 17 news release, adding that even strong passwords are easily lost in data breaches and targeted in phishing attacks.

Tim Berners-Lee, director of W3C, described the effort as imperative at a time when security hacks and breaches are increasing in size and frequency.

"When strong authentication is easy to deploy, we make the Web safer for daily use, personal and commercial," he said in the release.

Strong authentication is "useful" for web applications seeking to maintain their relationships with their users, but too many websites still use password-based logins, Wendy Seltzer, W3C technology and society domain lead, said in the release.

"Standard Web APIs will make consistent implementations work across the Web ecosystem," Seltzer said. "The new approach will replace passwords with more secure ways of logging into websites, such as using a USB key or activating a smartphone."

The Web Authentication technical work is based on a member submission of FIDO 2.0 Web APIs from the FIDO Alliance.
