Goodbye Passwords: FIDO’s WebAuthn Specification Gets W3C Stamp of Approval

“News of W3C’s WebAuthn approval comes on the heels of the announcement that the entire Android platform had received FIDO2 certification from the FIDO Alliance…”

The WebAuthn authentication specification is now an official web standard, the World Wide Web Consortium (W3C) and FIDO Alliance have announced.

The news comes almost a year after the announcement that the WebAuthn API specification had moved to “Candidate Recommendation” status in the the W3C’s standards program, clearing the way for real world testing. A central component of the FIDO2 authentication standard, WebAuthn is designed to enable end users to login to online accounts using biometric authentication or second-factor security keys, allowing for considerably stronger security than that afforded by passwords.

Further to WebAuthn’s official approval as a W3C web standard, all of the major web browsers already support FIDO2 and WebAuthn, including a preview version of Apple’s Safari, despite that company’s tendency to blaze its own trail with respect to privacy and security. Though their support for the standards may to some extent have been the product of the expectation that WebAuthn would ultimately meet W3C’s approval.

In a statement announcing that development, W3C CEO Jeff Jaffe said that his organization’s WebAuthn Recommendation “establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit,” adding, “W3C is working to implement this best practice on its own site.”

News of W3C’s WebAuthn approval comes on the heels of the announcement that the entire Android platform had received FIDO2 certification from the FIDO Alliance, further signalling the spread of FIDO’s strong authentication standards across the tech world.