Biometrics are everywhere. Almost all smartphones these days, even mid-range ones, have fingerprint scanners. Laptops and convertible tablets are slowly getting there. And while Apple seems to be doing away with them, it is replacing fingerprints with faces, yet another biometric security factor. The only place where this secure authentication method isn’t available is where they matter the most: the Web. But if the World Wide Web Consortium, a.k.a. W3C, has its way, even websites like, well, Facebook will support password-less logins in the near future.
Passwords are easy to forget and even easier to do wrong. The annual shame list of most terrible passwords just proves how bad humans are at protecting our own selves. While there might still be some debate and doubts, fingerprints, irises, and faces are still better than “1234” or your easy to guess birth date.
But logging in using your finger, eyes, or face requires two things. One is the hardware, the other is the software system to actually map those body parts to logins. The hardware part is easy. Fingerprint scanners are everywhere and even older computers can be equipped with USB scanners. The software side, at least for web-based logins, is where the problem lies at this point.
That’s why the W3C, the body that defines web standards like HTML, CSS, etc. teamed up with the FIDO Alliance. Short for “Fast ID Online”, the consortium made headlines a few years back when some big tech companies like Google and Microsoft started backing the campaign to kill insecure passwords. With the proposed Web Authentication standard, you could log into any online service on your browser using just your fingerprint.
At least that’s the theory. It still has to be tested in practice. And the proposal has to be approved, discussed, and ratified first anyway. It also depends on how well and how uniformly browsers will follow that standard and, as anyone who survived the browser wars knows, it’s no easy task.