The Biggest Design Problem on the Internet

Authentication. Or in everyday terms, usernames and passwords. We all have too many, and managing them is a major pain. That pain is exponential for companies who have to manage credentials for their employees. I’ve seen corporate IT managers pull their hair out (literally) over one lazy employee’s weak password bringing down a network.

We use 1Password to manage everything at Nine Labs, and it does as good a job as anyone can expect given the complexity of the task. I’ve also heard good things about Dashlane and LastPass. But all of that might go away soon.

The W3C (the people who make standards for the Web) announced Web Authentication API, or WebAuthn, as an official standard. It’s an open-source way for anyone to create password-free logins, paving the way for a true no-nonsense way to login to all your favorite websites with minimal fuss.

It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico.

The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.” – VentureBeat

Dropbox and Microsoft have already begun supporting the standard, and many other companies have begun working on their implementations. Expect to see more websites and web apps adopting WebAuthn soon.

Some questions have yet to be answered, like: How can you share credentials to a service with your spouse, or a client?

This remains to be seen, but my guess is a big winner here could be services like Netflix and Hulu, who have large numbers of users mooching off a friend’s or family member’s account. Maybe that alone will drive content companies to adopt WebAuthn sooner than they otherwise would, but they also risk making a lot of people mad. It’s tough balance.

Read more on VentureBeat and The Verge

RELATED: ji32k7au4a83 is a surprisingly bad password. Link