The new Firefox browser was released May 9th, and it comes with something extra. Firefox now supports a new security standard called Web Authentication (WebAuthn).
It’s been a long — shall we say loooong — time since Firefox was at the top of the browser world. Back in the summer of 2009, about the time that the iPhone 3GS was unveiled, Firefox had 47.9% of the browser market; Internet Explorer was second at 39.4%, while Chrome, Safari and Opera were all in the single digits. The most recent report from w3schools.com shows that Chrome serves 78.6% of the traffic now, with Firefox second at 11.2%.
This news probably won’t catapult Firefox to the top because both Chrome and Microsoft Edge will adopting the same security standard in their browsers in the coming months, but Firefox is first to incorporate WebAuthn.
So what does this mean for you? Almost every financial transaction you make online, from buying concert tickets to shopping for clothes and paying bills, requires that you enter a password to authenticate your account.
Of course, with technical change will come human change. And you know how well we all adapt to change. With a Firefox browser, WebAuthn allows you to use a device, such as a YubiKey, to sign into your online accounts without typing a password. Yes, without typing a Pa$$w0rd! The change is that you need that external device. In the example, you insert the Yubikey into your computer’s USB port then touch the Yubikey with your finger. Of course, this works only with websites that have adopted WebAuthn.
According to the official Web Authentication documentation, public key credentials are created and stored on an authenticator (the external device) by the user (that would be you) in conjunction with the web application. Authenticators are responsible for ensuring that no operations are performed without the user’s consent. Passwords give way to authenticators.
Now you just have to remember where you put that darn authenticator.