Google is making it easier to sign into websites without the hassle of entering passwords.
The tech giant this week said it would release an updated desktop version of it browser, Chrome, that will allow users to log into online services using biometrics like fingerprints and through authenticators like a security key or mobile phone via bluetooth.
Web Authentication
FIDO Alliance and W3C
Chrome 67 for desktop will be available in the next few days or weeks, according to Google. It will save users from having to remember multiple passwords for most websites, which, as most everyone knows from first-hand experience, is difficult to do.
The update uses Web Authentication standards that were released in April by the FIDO Alliance and the World Wide Web Consortium (W3C), two international organizations that develop web security standards. These Web Authentication standards can be incorporated into browsers to allow for additional ways for users to securely sign into most sites.
Sam Srinivas, management director of Google Cloud security product, said in April about the new standards: “Google Chrome is dedicated to building a better web, and allowing developers to interact with secure keystores in a structured way helps us continue this mission. He added that “we’re excited for the launch of these standards and look forward to our continued collaboration.”
In addition to helping users avoid having to remember passwords, the update is intended to prevent phishing or middle-man attacks — tactics bad actors try to gain access to user passwords. “User credentials and biometric templates never leave the user’s device and are never stored on servers,” the FIDO Alliance and W3C release explains.
Specifically with Chrome 67, users will be able to use a “private/public key pair generated by an authenticator such as a security key, fingerprint reader, or any other device that can authenticate a user,” according to Google developer advocate Pete LePage.
Google Chrome, Microsoft Edge, and Mozilla Firefox all committed to using the Web Authentication standards in their browsers. Mozilla Firefox was the first to do so, and now with Chrome 67, Google is also adding it to its widely-used Chrome browser.
In addition to Web Authentication, Chrome 67 is rolling out “Site Isolation,” which will keep each browser tab separate so data cannot be shared between tabs to improve security and reduce the risks of Spectre,” a security vulnerability in some chips, according to Google.
No comments:
Post a Comment