Leading from the front, Microsoft has finally introduced Web Authentication in Microsoft Edge browser to ease the process of validation, enabling a password-less experience on the web. With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of the old school process of typing-in passwords.
“Staying secure on the web is more important than ever. We trust web sites to process credit card numbers, save addresses and personal information, and even to handle sensitive records like medical information. All this data is protected by an ancient security model—the password. But passwords are difficult to remember, and are fundamentally insecure—often re-used, and vulnerable to phishing and cracking. For these reasons, Microsoft has been leading the charge towards a world without passwords, with innovations like Windows Hello biometrics and pioneering work with the FIDO Alliance to create an open standard for passwordless authentication – Web Authentication,” Angelo Liao, Program Manager, Microsoft Edge and Ibrahim Damlaj, Program Manager, Windows Security, wrote in a blog.
Microsoft first introduced this feature in 2016 when it shipped the industry’s first preview implementation of the Web Authentication API in Microsoft Edge. Since then, Microsoft has been updating its implementation as it worked with other vendors and the FIDO alliance to develop the standard. The FIDO Alliance is an industry consortium launched in 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords.
One of the best examples of password-less sign-in is Windows Hello. Windows Hello allows users to authenticate without a password on any Windows 10 device, using biometrics — face and fingerprint recognition — or a PIN number to sign in to web sites. With Windows Hello face recognition, users can log in to sites that support Web Authentication in seconds, with just a glance. Microsoft claims that its implementation provides the most complete support for Web Authentication to date, with support for a wider variety of authenticators than other browsers.
“Users can also use external FIDO2 security keys to authenticate with a removable device and your biometrics or PIN. For websites that are not ready to move to a completely passwordless model, backwards compatibility with FIDO U2F devices can provide a strong second factor in addition to a password,” the Microsoft executives said.
According to the analytics firm StatCounter, Google Chrome had 59.68 percent of browser market share worldwide in July 2018. Apple’s Safari holds 13.85 percent share followed by UC Browser at 7.05 percent, Firefox with 5.01 percent and Opera (3.35 percent). Microsoft Edge is one of the browsers that have less than three percent market share.
Recently, a report said that Google could soon allow its users to export saved passwords on Chrome in an easier and more intuitive manner. When a user visits any website and enters their credentials, Chrome browser automatically offers to save passwords and acts as a password manager from then on. With the password export feature, all the users’ passwords will be saved to a CSV file and they will be able to use a third-party application for password management. To export their passwords, users can navigate to the Manage Password tab in the browser's settings. Clicking on the three-dot menu near Saved Passwords, they will see an option for exporting all saved passwords to a CSV file.