Apple’s Safari to allow password-less logins via Face ID and Touch ID this year
Apple’s next-generation Safari browser will let users to log into websites with Face ID or Touch ID. Apple announced the in Safari 14 Beta note that also states other new features for the next version of Apple’s Web browser. Apple gave details on how the feature works in a WWDC video format for developers.
The new functionality is built on the WebAuthn component of the FIDO2 standard, developed by the FIDO Alliance. With the help of Touch ID or Face ID users will be able to login to a website as easily as they login into a secured app.
Passwords can often be guessed and are likely more vulnerable to phishing attacks. Whereas, WebAuthn is an API (Application Program Interface) aiming to make web logins simpler and far more secure for users. WebAuthn API allows websites to use physical security keys on a user device in order to log in on a service. WebAuthn uses public-key cryptography and can use security methods like biometrics or hardware security keys to verify the user’s identity.
The new developments for the Safari 14 browser were announced during the ongoing Worldwide Developers Conference (WWDC). The WebAuthn was approved by the World Wide Web Consortium (W3C) last year and it has already been adopted by number companies like Google inside Chrome, Microsoft’s Windows, Dropbox, Firefox, and Edge.
The iOS 13.3 of last year added support for physical FIDO2-compliant security keys with the Safari web browser, and Google started making use of this with its accounts on iOS earlier this month. These security keys provide more protection for a user account as attackers need physical access to the key to gain access to the user account.
Apple’s devices have been using Touch ID and Face ID as part of the online login process, but in the past, this has relied on using the biometric security to autofill previously stored passwords into websites. However as said before WebAuthn can be used to bypass the password process, it’s not vulnerable to the same kinds of attacks that can make passwords insecure.
As per Cupertino, a California-based tech giant, “The new feature works with a new Web Authentication API, based on FIDO2 standard. Apple had signed up as a board member of the FIDO Alliance, an organization committed to eliminating the need for passwords, back in February. The API aims to make Web logins simpler and more secure since it relies on biometrics and physical keys to verify users’ identity.”
Not only this, but Safari 14 beta has also added support for Safari Web Extensions for macOS. This addition will allow developers to port their existing Chrome and Firefox extensions to work on the Safari browser. The Safari 14 beta has an added Webpage Translation (beta) that will help translate webpages into the language of the users’ choice. This works with languages like English, Spanish, French, German, Russian, Brazilian, and Portuguese.