互聯網在淘汰密碼上邁出了一大步,替代品是什么呢?
密碼是個棘手的問題,你可能不得不時常更改密碼以免被侵入,或是重置密碼,或是記住用郵箱地址注冊的每個用戶平均多達130個賬戶的獨特密碼。 本周一,萬維網聯盟(World Wide Web Consortium)和線上快速身份驗證聯盟(FIDO Alliance)宣布WebAuthn成為官方認可的網絡標準,在淘汰密碼上邁出了一大步。WebAuthn是網絡身份驗證(Web Authentication)的縮寫,它可以讓用戶通過生物特征技術,例如指紋和面部識別,或安全密鑰,或智能手機、智能手表等設備進行登錄,從而淘汰密碼。 萬維網聯盟表示,除了不用記憶或輸入密碼的便利之外,新的登錄標準在安全上也有很大優勢。FIDO2等登錄秘鑰對特定網站而言是唯一的。如果用戶選擇面部或指紋識別登錄,這一信息只會存儲在用戶的設備上,而不會保存在服務器端。此外,這些獨特的認證信息也有助于阻止公司在互聯網上監視用戶并追蹤他們的操作。 大部分流行的瀏覽器,包括谷歌(Google)Chrome、微軟(Microsoft)Edge、蘋果(Apple)的Safari和火狐(Firefox),都已經兼容WebAuthn。官方的認證為更多網頁將其作為標準登錄方式鋪平了道路。Dropbox和微軟去年宣布兼容WebAuthn,成為了它的早期采用者。 盡管密碼在短期內還不會進入科技的墳墓,但本周一發布的聲明更像是一個警告,標志著密碼作為最可靠和保險的網絡安全憑證的時代已經快到盡頭了。(財富中文網) 譯者:嚴匡正 |
Passwords are problematic, whether it’s constantly having to change them due to a hack, resetting them, and even just remembering a unique password for the 130 accounts the average user has registered to their email address. The Worldwide Web Consortium and the FIDO Alliance took a big step toward killing the password on Monday when they announced WebAuthn, which is short for Web Authentication, is now an official web standard. The login format kills the password in favor of letting people log in using biometrics, such as fingerprints, and facial recognition, or through security keys, and devices such as smartphones, and smartwatches. Aside from the ease of not having to remember or enter a password, the new login standard also has some major security benefits, according to the Worldwide Web Consortium. Login keys, such as FIDO2, are are unique to a specific site. If a person chooses to login using their face or fingerprint, that information is only stored on their device, and never stays on a server. Additionally, those unique credentials could help prevent companies from following users around the Internet and tracking their every move. WebAuthn is already supported by most popular browsers, including Google Chrome, Microsoft Edge, Apple’s Safari, and Firefox. Its official approval paves the way for more sites to integrate it as a standard login option. Dropbox and MIcrosoft were both early adopters that announced support for WebAuthn last year. While the password isn’t going to the tech graveyard in the near future, the announcement on Monday was mostly a warning sign that its reaching the end of its time as the most trustworthy and safe Internet security credential. |