互联网在淘汰密码上迈出了一大步,替代品是什么呢?
密码是个棘手的问题,你可能不得不时常更改密码以免被侵入,或是重置密码,或是记住用邮箱地址注册的每个用户平均多达130个账户的独特密码。 本周一,万维网联盟(World Wide Web Consortium)和线上快速身份验证联盟(FIDO Alliance)宣布WebAuthn成为官方认可的网络标准,在淘汰密码上迈出了一大步。WebAuthn是网络身份验证(Web Authentication)的缩写,它可以让用户通过生物特征技术,例如指纹和面部识别,或安全密钥,或智能手机、智能手表等设备进行登录,从而淘汰密码。 万维网联盟表示,除了不用记忆或输入密码的便利之外,新的登录标准在安全上也有很大优势。FIDO2等登录秘钥对特定网站而言是唯一的。如果用户选择面部或指纹识别登录,这一信息只会存储在用户的设备上,而不会保存在服务器端。此外,这些独特的认证信息也有助于阻止公司在互联网上监视用户并追踪他们的操作。 大部分流行的浏览器,包括谷歌(Google)Chrome、微软(Microsoft)Edge、苹果(Apple)的Safari和火狐(Firefox),都已经兼容WebAuthn。官方的认证为更多网页将其作为标准登录方式铺平了道路。Dropbox和微软去年宣布兼容WebAuthn,成为了它的早期采用者。 尽管密码在短期内还不会进入科技的坟墓,但本周一发布的声明更像是一个警告,标志着密码作为最可靠和保险的网络安全凭证的时代已经快到尽头了。(财富中文网) 译者:严匡正 |
Passwords are problematic, whether it’s constantly having to change them due to a hack, resetting them, and even just remembering a unique password for the 130 accounts the average user has registered to their email address. The Worldwide Web Consortium and the FIDO Alliance took a big step toward killing the password on Monday when they announced WebAuthn, which is short for Web Authentication, is now an official web standard. The login format kills the password in favor of letting people log in using biometrics, such as fingerprints, and facial recognition, or through security keys, and devices such as smartphones, and smartwatches. Aside from the ease of not having to remember or enter a password, the new login standard also has some major security benefits, according to the Worldwide Web Consortium. Login keys, such as FIDO2, are are unique to a specific site. If a person chooses to login using their face or fingerprint, that information is only stored on their device, and never stays on a server. Additionally, those unique credentials could help prevent companies from following users around the Internet and tracking their every move. WebAuthn is already supported by most popular browsers, including Google Chrome, Microsoft Edge, Apple’s Safari, and Firefox. Its official approval paves the way for more sites to integrate it as a standard login option. Dropbox and MIcrosoft were both early adopters that announced support for WebAuthn last year. While the password isn’t going to the tech graveyard in the near future, the announcement on Monday was mostly a warning sign that its reaching the end of its time as the most trustworthy and safe Internet security credential. |