Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Microsoft Edge introduces Web Authentication for passwordless web security

Save for later
  • 2 min read
  • 01 Aug 2018

article-image

Security over the web via passwords can be crucial as passwords are hard to memorize, easy to forget and can be easily phished or cracked. However, Microsoft Edge has recently made dealing with passwords a lot easier by introducing the Web Authentication specification. This new feature allows an improved and a more secure user experience along with a passwordless experience on the web.

Using Web Authentication, Edge users can now sign in with their face, fingerprint, PIN, or portable FIDO2 devices. These methods leverage strong public-key credentials instead of passwords.

Why go passwordless?


Many users might still be skeptical of moving onto these methods. On the other hand, we allow most of the online websites (shopping, food ordering websites, and so on) to store our credit card numbers, our other sensitive information without any investigation. These credentials are hidden using just passwords; an outdated security model which can be easily hacked.

Microsoft aims for a secure and passwordless experience on the web via advanced methods such as Windows Hello biometrics and creation of Web Authentication, an open standard for passwordless authentication.

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime

How does Web authentication work?


Windows Hello allows users to authenticate without a password on any Windows 10 device. They can make use of biometrics like face and fingerprint recognition to log in to websites by a simple glance or use a PIN number to sign in. External FIDO2 security keys also work for authentication with a removable device and the user’s biometrics or PIN.

There are still some websites which do not offer a complete passwordless model yet. For such websites, backward compatibility with FIDO U2F devices can act as a strong enough secondary security besides the password.

At the RSA 2018 conference, Microsoft discussed how APIs shall be used to approve a payment on the web via one’s facial identity.

To get started with Web Authentication in Microsoft Edge, one can install Windows Insider Preview build 17723 or higher to try out the updated feature.

Read more about this feature on the Microsoft Web Authentication guide.

Web Security Update: CASL 2.0 releases!

Amazon Cognito for secure mobile and web user authentication [Tutorial]

Oracle Web Services Manager: Authentication and Authorization