Google Chrome 67 embraces the post-password future of the web

Google has released its Chrome 67 desktop browser, featuring support for the WebAuthn API designed to lessen our reliance on typed usernames and passwords.

Chrome 67 for Windows, Mac and Linux will enable users to register and sign-in using biometric information gleaned from an accompanying smartphone, or a USB key.

On sites supporting the standard, desktop users will receive a prompt on their smartphone after choosing to create an account. From there users be asked to use their fingerprint, retina, facial recognition from a tool like Face ID or even a photo from their library. This process can be repeated whenever users attempt to sign into the website after registration.

Related: Best web browser

The tool, which is already supported by Firefox 60, also allows access via physical authentication devices like the YubiKey USB dongle.

While there’s still a long way to go before this tech is mainstream it is thought the WebAuthn tech could play a major role in limiting password and identify theft, while cracking down on the effectiveness of online phishing attacks.

External authenticator

The tech has been developed by the FIDO Alliance and the World Wide Web Consortium (W3C), who wrote in a joint press release last month: “Enterprises and online service providers looking to protect themselves and their customers from the risks associated with passwords — including phishing, man-in-the-middle attacks and the abuse of stolen credentials — can soon deploy standards-based strong authentication that works through the browser or via an external authenticator.”

When Mozilla rolled out Firefox 60 last month it extolled the virtues of WebAuthn. It wrote: “It supports various authenticators, such as physical security keys today, and in the future mobile phones, or biometric mechanisms such as face recognition or fingerprints. When your YubiKey is plugged in, the website will read it and automatically log you into your accounts.”

Elsewhere, Chrome 67 includes the Generic Sensor API, which allows web apps to communicate with sensors in VR headsets and other wearable devices like fitness trackers (via Chrome Releases). So, in the case of VR headsets, web apps will be able to pick up the turn of a head and react accordingly.

Are you too heavily reliant on passwords? Drop us a line @TrustedReviews on Twitter.