Skip to main content
  1. Home
  2. Computing
  3. News

Chrome now supports the new password-free login standard

Kevin Parrish
By

Although Google’s Chrome browser already enabled “password-free” logins by supporting the FIDO (Fast IDentity Online) U2F standard, the latest desktop version hitting the stable channel this week, Chrome 67, now includes support for the new WebAuthn standard. But don’t worry: If you previously used physical security keys to log into Facebook and Google, they won’t need a replacement given WebAuthn is backward compatible. 

If you’re not sure as to what all this means, websites, browser developers, device manufacturers, and the FIDO Alliance have been working together to eliminate passwords since 2014. The platform relies on cryptographic keys thus login credentials are never stored on your device or on the servers hosting your favorite service. 

Recommended Videos

The first FIDO standard arrived in December 2014 followed by FIDO U2F in June 2015 and FIDO2 in April 2018. The first two standards rely on secondary devices, like Yubico’s Security Key and YubiKey NEO USB-based devices, to create these cryptographic keys. Other supported technologies include Bluetooth, Near Field Communication (NFC), and biometrics. The alliance began working with the World Wide Web Consortium to create a client-side standard called WebAuthn in early 2016. 

Related

The idea behind WebAuthn is to bring the cryptographic key creation and exchange directly to the browser. Prior to WebAuthn support, logins rely on passwords even though you don’t need to enter credentials each time you log onto a service: Physical security keys and biomeetric devices merely “authenticate” those credentials. But with WebAuthn support in place, you sign into an account only with a username: No password is required.

“In many cases, this single factor authentication is more secure than other forms of two-factor authentication (such as SMS), as there are no secrets that can be phished remotely,” a representative from Yubico told Digital Trends. “WebAuthn has also been blessed by the W3C, which means that all major web browsers are engaged to add support.”

Based on the current demo, you still need some form of physical “security token” like Yubico’s products or hardware supporting facial recognition and fingerprint scanning. As the demo shows, you can create an account without the need to submit a password, but the demo requires access to a physical key or connected biometric device. WebAuthn will eventually support biometrics on mobile devices, too. 

The big takeaway here is that a password-free internet is becoming more mainstream. This method protects WebAuthn-compliant accounts from server-side hacks, on-device malware, and hackers tapping into your internet connection. Firefox 60 introduced WebAdmn support in early May while the mainstream version of Microsoft Edge will include support in the next several months. 

Outside the new WebAuthn component, Chrome 67 includes a new Generic Sensor application programming interface (API). This enables the browser to support accelerometers, gyroscopes, orientation and motion sensors in web-based applications. For instance, a web app within Chrome can now detect movement speed if the parent device contains an accelerometer. 

Chrome 67 also now includes the WebXR Device API (aka web extended reality). According to Google, this feature will provide unified augmented and virtual reality experiences across desktop and mobile spanning from the smartphone-based Samsung Gear VR to the HTC Vive and Windows Mixed Reality headsets. The new API is available as an “origin trial,” Google states, and supports home shopping, art, immersive 360-degree videos, data visualization, traditional 2D and 3D videos presented in immersive surroundings, and games. 

Other features in the latest version of Chrome include the ability for web pages to process mouse events to disable the back and forward mouse buttons in web-based games. On Windows, the right-hand ALT key now serves as AltGraph on some layouts. The list goes on regarding SVG, DOM, custom elements in HTML, and more developer-centric details. 

Editors' Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This new Google Chrome feature may boost your search history
A MacBook with Google Chrome loaded.

Google is adding a new feature to its Chrome web browser that’s intended to help you find previously browsed topics and pick up where you left off. Called Journeys, it’s rolling out now for Chrome’s desktop version.

The feature essentially works like an extension of browsing history. When you type a word into the search bar or head to the Chrome History Journeys page in your browser, you will see a list of previously visited sites linked to that topic. Chrome will know how much you’ve interacted with any particular site, and those it considers the most relevant to you will go to the top of the pile.

Read more
5 easy ways to dramatically increase security in Google Chrome
A MacBook with Google Chrome loaded.

If you're one of many people who use Chrome as your default web browser, then you might want to take some steps to ensure that it's extra secure. This can help you in a world where hackers are always after passwords and can easily spoof websites to look like the real thing.

Well, Google has a lot of tools built right into Chrome that can help with that protection. From Safe Browsing to encrypting passwords and more, we got you covered with five easy ways to dramatically increase security in Google Chrome.
Change your Safe Browsing settings

Read more
Update Google Chrome now to patch this critical security flaw
A MacBook with Google Chrome loaded.

You might want to update your Google Chrome web browser right away. Google recently issued a critical security update for Chrome, patching up 11 security issues, including two zero-day vulnerabilities that were exploited in the wild.

Released on September 13, Google first listed the patched vulnerabilities on the Chrome Releases blog. Full details are being withheld for security reasons, as Google wants a majority of users to update first.

Read more