Windows 10 is nearing the end of passwords with WebAuthn for Edge

Microsoft has a small surprise hidden in its latest preview Windows 10 Redstone 5 . The company is about to remove this dispensable need to keep a ton of unique passwords to connect to your favorite websites.


Edge is still replaced by Chrome as the default browser on most Windows 10 devices, but it will soon have a new exclusive Windows Hello authentication feature that could make it a preferred browser for connecting to frequently visited sites.

WebAuthn, short for Web Authentication, is a W3C specification developed in collaboration with the FIDO Alliance, the group that developed the specification to allow users to connect to websites using a security key, such as Yubikey from Yubico. But above all, it is already supported by Mozilla Firefox, Google Chrome and Microsoft Edge. The specification reached the Candidate Recommendation (CR) stage last March .

WebAuthn allows users to log in using a security key such as Yubikey's USB or NFC keys or Google's NFC and Bluetooth FIDO Titan key. The system also works with a biometric fingerprint such as a fingerprint or an iris, stored in a phone instead of a password. This allows the devices to connect via USB, Bluetooth Low Energy or NFC.

Many followers
The addition of WebAuthn to Firefox 60 provided a preview of what the connection to websites might be in the future, when the support will be larger. Dropbox, which already allowed Chrome users to connect with Yubikey as a second factor, has also extended this option to Firefox users .

Chrome 67 also supported WebAuthn support. In simple terms, this allows users to register key pairs on a WebAuthn supported site, and a secure device.

Microsoft bragged in a blog post that Edge's implementation of the CR version of Web Authentication is "the most comprehensive support for Web authentication to date, with support for a wider variety of credentials than other browsers ".

Hard to do worse than the current situation
" Windows Hello allows users to authenticate without a password on a Windows 10 device, using biometrics (face recognition and fingerprint) or a PIN code to connect to websites that support Web Authentication in seconds , with just a glance. " FIDO2 devices are also supported.

Clearly, Microsoft no longer has a smartphone platform for future uses of WebAuthn. But he has not hesitated to create a bunch of applications on Android and iOS recently, which facilitates the connection with Windows 10 devices.

In any case, the justification for the support of this technology is quite simple to understand. Current password management is a potential security disaster, as evidenced by ridiculous passwords, reuse of passwords, silly password rules, and massive data breaches.

"We trust websites to process credit card numbers, register addresses and personal information, and even to handle sensitive files such as medical information," says Microsoft. "All this data is protected by an old security model, the password, but passwords are hard to remember and are inherently insecure, often reused and vulnerable to phishing and cracking."