large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Google Chrome 67 embraces the post-password future of the web

Google has released its Chrome 67 desktop browser, featuring support for the WebAuthn API designed to lessen our reliance on typed usernames and passwords.

Chrome 67 for Windows, Mac and Linux will enable users to register and sign-in using biometric information gleaned from an accompanying smartphone, or a USB key.

On sites supporting the standard, desktop users will receive a prompt on their smartphone after choosing to create an account. From there users be asked to use their fingerprint, retina, facial recognition from a tool like Face ID or even a photo from their library. This process can be repeated whenever users attempt to sign into the website after registration.

Related: Best web browser

The tool, which is already supported by Firefox 60, also allows access via physical authentication devices like the YubiKey USB dongle.

While there’s still a long way to go before this tech is mainstream it is thought the WebAuthn tech could play a major role in limiting password and identify theft, while cracking down on the effectiveness of online phishing attacks.

External authenticator

The tech has been developed by the FIDO Alliance and the World Wide Web Consortium (W3C), who wrote in a joint press release last month: “Enterprises and online service providers looking to protect themselves and their customers from the risks associated with passwords — including phishing, man-in-the-middle attacks and the abuse of stolen credentials — can soon deploy standards-based strong authentication that works through the browser or via an external authenticator.”

When Mozilla rolled out Firefox 60 last month it extolled the virtues of WebAuthn. It wrote: “It supports various authenticators, such as physical security keys today, and in the future mobile phones, or biometric mechanisms such as face recognition or fingerprints. When your YubiKey is plugged in, the website will read it and automatically log you into your accounts.”

Elsewhere, Chrome 67 includes the Generic Sensor API, which allows web apps to communicate with sensors in VR headsets and other wearable devices like fitness trackers (via Chrome Releases). So, in the case of VR headsets, web apps will be able to pick up the turn of a head and react accordingly.

Are you too heavily reliant on passwords? Drop us a line @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.