![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/11\/iphonex-faceid-apple-100740908-large.3x2.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Jonny Evans| Date: Thu, 06 Dec 2018 07:00:00 -0800<\/strong><\/p>\n Imagine using Face ID on your iPhone alongside a password and Touch ID on your computer in order to access highly secure websites, such as online banks, enterprise intranets and confidential online data services.<\/p>\n That\u2019s a possibility as Apple begins testing a new security standard called WebAuthn.<\/p>\n Apple has begun beta-testing support<\/a> for the standard in Safari Technology Preview<\/a>\u00a0Release 71, thought it does warn this support is an \u201cexperimental feature\u201d, so it may go no further than that.<\/p>\n WebAuthn<\/a> (Web Authentication) technology lets websites\/online services use hardware keys (typically USB devices) to authenticate your identity when you try to access them.<\/p>\n These keys are usually used alongside passcodes and other security protections (including 2FA<\/a>) to provide even stronger protection when you access these services.<\/p>\n While not based on the same technology, many online banking consumers may have been offered authentication devices by their banks, but such hardware\/software keys are also used elsewhere, in government and the military for example.<\/p>\n WebAuthn also supports a companion standard called FIDO2, which lets hardware keys use Bluetooth and NFC for authentication of WebAuthn sessions. In theory, this means you can use existing security devices, including fingerprint readers, cameras and USB keys as website authentication systems.<\/p>\n It isn\u2019t known if Apple will support FIDO2, but if it did it may potentially be able to create a system in which iPhones (or even an Apple Watch) became a hardware \u201ckey\u201d used to access secure services, leveraging its advantages in biometric security and the industry-leading security of its operating systems.<\/p>\n This would tie an individual user\u2019s mobile device up to a PC, Mac or iPad used to access the system, and would replace or at least supplement password protection.<\/p>\n It is important to add that WebAuthn is not yet fully endorsed by the W3C, particularly in light of recent warnings from the Paragon Initiative<\/a> that some of the algorithms used in the standard may be outdated and vulnerable to attack.<\/p>\n WebAuthn is also supported in Mozilla, Microsoft Edge and Google.<\/p>\n Its existence confirms that security protection will become increasingly dependent on multifactor hardware\/software\/biometric security models.<\/p>\n It must.<\/p>\n A quick scan of the news headlines confirms that the velocity of major attacks is increasing, with huge companies (such as the Marriot hotel chain) impacted.<\/p>\n This means millions of customer details — including names and passwords used across multiple services — that have been stolen through this and many other attacks are almost certainly now trading on the dark web.<\/p>\n The industry must recognise that the security challenges around phishing and data theft extend way beyond financial transactions and personal data security, but also threatens the political process.<\/p>\n