網頁新標準問世,瀏覽器開始消滅密碼
一些全球人氣最高的網頁瀏覽器正努力弄死密碼。 制定互聯網標準的組織FIDO聯盟和W3C聯合推出了一個新的認證標準,允許網頁瀏覽器和網站支持以生物辨識技術替代登陸密碼。這項名為WebAuthn的標準其實是一種應用程序接口(API),網頁開發者可以應用在網站上,通過指紋識別、甚至像蘋果Face ID一樣的面部掃描技術確認用戶的身份。 據美國科技媒體Engadget稍早報道,火狐瀏覽器已經在配合WebAuthn,谷歌的Chrome和微軟的Edge都將在未來幾個月調整適配WebAuthn。運營Safari瀏覽器的蘋果公司尚未宣布支持WebAuthn。 從技術角度看,WebAuthn問世可能提升互聯網的安全性。多年來,黑客攻擊、網絡詐騙和數據泄密層出不窮,僅憑密碼保護數據安全已經不夠。互聯網企業轉而采用二元認證。這種方式要求用戶除了提供密碼,還要輸入發送到智能手機上的驗證碼確認身份,但還是沒有生物識別方式安全。 去年9月,蘋果發布新款iPhone,當時詳細介紹了生物識別安全技術。蘋果表示,如果使用iPhone的Touch ID指紋掃描技術,每5萬次識別之中可能會失敗一次。而如果采用Face ID掃描面部,失敗比例會下降到百萬分之一。兩種方式不管選哪種,都比單單一個密碼要強。 不過,短期內密碼不會很快消失。雖然WebAuthn已經正式發布,但還只是一種“推薦”方式,可能要經過調整才能成為行業標準。無論如何,新推薦方式為網站和瀏覽器替換現有密碼奠定了基礎。現在就看網站經營者和瀏覽器公司如何擔負責任全力支持了。(財富中文網) 譯者:Pessy 審校:夏林 |
Some of the most popular Web browsers are trying to kill your passwords. Internet standards organizations the FIDO Alliance and W3C have launched a new specification that allows Web browsers and websites to support biometric encryption methods in place of passwords. The specification, called WebAuthn, is an application programming interface (API) that Web developers can integrate into their websites and allow fingerprint readers and even face scanners like Apple’s Face ID to verify a person’s identity. According to Engadget, which earlier reported on WebAuthn, Firefox already works with the technology. Google’s Chrome and Microsoft Edge are slated to add support for WebAuthn within the next few months. Apple, which operates its Safari browser, has yet to announce support for WebAuthn. The move could technically create a more secure Internet. As the rash of hacks, scams, and data breaches have shown over the last several years, passwords alone are not necessarily a suitable safeguard for data. Companies have moved to two-factor authentication, which requires users to input a code sent to their smartphones in addition to a password to verify their authenticity, but that still isn’t as secure as biometrics. At its iPhone unveiling in September last year, Apple talked in detail about biometric security. The company said that its Touch ID fingerprint scanner could be duped in 1 in 50,000 cases. That jumped to 1 in 1 million cases with its Face ID face scanner. Either way, that’s better than a simple password. Still, passwords aren’t dying anytime soon. While WebAuthn has officially launched, it’s still considered a “recommendation” and could be modified before it becomes a standard. The recommendation paves the way for websites and browsers to support alternatives to passwords, but now the onus is on website owners and browser companies to support it. |