【密码登陆将要成为历史?】

【密码登陆将要成为历史?】万维网联盟最近组成一个小组研发一种可取代密码的登陆方式。登陆时,它将创建一个客户端(浏览器)的应用程序编程接口,通过使用一对认证密钥并基于所使用的设备进行登陆。目前谷歌,微软和贝宝的工程师已于2015年底提交一份方案,在这个方案中,如果你报告了手机丢失,原有凭证将不再能够登陆,直到用户自己重新进行注册。

The W3C, which creates standards that guide the future of the Web, has formed a new group with one goal: remove the need for passwords entirely by creating a better way to log in.

The group charged with changing the way we’re logging in doesn’t exactly have a name that rolls off the tongue — it’s called the “Web Authentication Working Group Charter.”

Despite the name, its purpose is finding a way to authenticate you without a password from your memory, instead encourage the use of two-factor authentication and per-device keys.

To solve the problem the idea is to create a client-side (browser) API that lets services use a pair of authentication keys to prove who you are based on the device trying to log in.

An existing proposal submitted in late 2015, called FIDO 2.0 that was submitted by Google, Microsoft and Paypal engineers, will be used as the framework for the new standard.

FIDO suggests that when you visit a website, a sign-in prompt would direct you to your phone to authenticate who you are — if you accept, you’re signed in securely on your computer.

The proposal also details what would happen if you lost your phone: if you report your phone as lost, the credential is not allowed to log in anymore until you can re-register yourself. This in itself could be an issue, since the new API may assume your phone is always on your person, though it’s too early to say for sure.

In charge of the group are Richard Barnes, Firefox Security Lead at Mozilla, and Anthony Nadalin, Partner Architect at Microsoft Corporation.

The standard is due for submission by December 2016 and it’ll take much longer to make its way to browsers, given that it will need to move through a stage of consultation and become a proposed recommendation before it’s made official.

Still, it’s exciting to hear that the stewards of the Web are looking into how we can solve the problem of most people still using “password” as their password, and a way to stop needing to remember them all would be welcomed.

The death of the password is near, and I can’t wait to stop using them.

http://thenextweb.com/insider/2016/02/18/the-creators-of-the-web-are-working-on-a-way-to-kill-passwords/


Comments are closed.



无觅相关文章插件