If you have an iPhone or an iPad, chances are you’re a fan of the device’s biometric system (be it Face ID or the Touch ID) is huge – after all, thanks to it we were able to not only unlock the device, but also have access to numerous apps that require some kind of protection, such as financial (bank applications), password managers, etc.
But have you ever wondered if, in addition to applications, Face / Touch ID was used for web authentications? Well, you don’t have to imagine it anymore, as this is coming true!
In fact, the subject is not very new. The possibility of logging on to the web (through the Safari browser) using Face / Touch ID was mentioned by us more than two years ago, but it is only now coming out of the paper in a very secure way.
Meet Face ID and Touch ID for the web
Face ID and Touch ID offer a frictionless experience when signing in – and you can now use them on your Safari sites with the Web Authentication API. Find out how to add this convenient and secure login alternative to your website.
At a WWDC20 session, Apple demonstrated how developers can integrate this functionality into their websites.
For the use of biometrics to be possible in web services, the person must necessarily have a login with username, password and two-factor authentication properly activated. After the first login using these “jurassic means”, Face / Touch ID will come into action, making things much easier. It is more or less like what happens on the iPhone itself, where we have to enter the numeric (or alphanumeric) password at the first access; then just use Face / Touch ID for basically everything.
It is worth noting that login to websites by Face / Touch ID is not a biometric security layer to automatically fill in your password on a given device. The functionality is based on the WebAuthn component of the FIDO2 standard, developed by the FIDO Alliance.
Unlike passwords, which are easily guessed and vulnerable to attack by phishing, WebAuthn uses public key cryptography and can use security methods like biometrics or hardware security keys to verify your identity. In other words, we are talking about something very safe.
The bad news is that websites need to add support for this API – but with Apple joining the game now, it is quite possible that support will be widely adopted.
The novelty can be used (if properly adopted by websites, of course) on iPhones, iPads and Macs running the new operating systems – iOS 14, iPadOS 14 and macOS Big Sur.
via The Verge