Microsoft on Monday announced the launch of Web Authentication specification in Windows' native browser, Microsoft Edge to provide users with password-less access. Insiders will be able to use other secure methods such as fingerprint sensor, face unlock, PIN, or portable FIDO2 devices to unlock the browser instead of using a traditional password. The move comes as a measure to act against issues such as phishing and cracking. The CR version of Web Authentication will be available for beta testers on the latest Windows 10 Insider Build 17723 or higher. By default, Windows Hello will be available for secured access to Microsoft Edge.
Apart from Windows Hello, Microsoft Edge users can also use external FIDO2 security keys to authenticate biometrics and PIN using a removable device, connected to the Windows 10 PC. FIDO2 U2F devices are effective as a second factor on top of using a password.
"Staying secure on the web is more important than ever. We trust web sites to process credit card numbers, save addresses and personal information, and even to handle sensitive records like medical information," said Microsoft in a blog post. "All this data is protected by an ancient security model - the password. But passwords are difficult to remember, and are fundamentally insecure - often re-used, and vulnerable to phishing and cracking."
The first preview of Web Authentication API in Microsoft Edge as introduced back in 2016. After a couple of years in development, the API was granted Candidate Recommendation (CR) status in the W3C.
Earlier this month, with Windows 10 Insider Preview Build 17713, Microsoft Edge had received improvements including a per-site media autoplay controls feature that gives users the flexibility to customise specific sites, additions to the browser's PDF reader, and a new dictionary feature.