Firefox 60 lands: It’s world’s first browser to give you password-free logins, says Mozilla

Firefox becomes first browser to support the Web Authentication API, taking the world closer to no-password logins.

Video: How Mozilla plans to win back Firefox users.

Mozilla has released Firefox 60 with support for a new option to sign in to websites without using a password.

That’s thanks to an emerging W3C standard called Web Authentication or WebAuthn, which is enabled by default in Firefox 60 and is coming later this month to Chrome 67, and Microsoft Edge. It’s also under consideration for Safari.

By removing passwords, the WebAuthn API will make phishing attacks a lot harder and gives users more convenient authentication choices, including hardware security key dongles such as a YubiKey device, fingerprint readers on smartphones, or facial-recognition systems like the iPhone X’s Face ID.

A key advantage, like the FIDO Alliance’s predecessor U2F standard for security keys, is that WebAuthn generates cryptographic public-private pairs for signing in, which means no shared secrets that could be leaked if a site is hacked.

Though the standard is currently only rolling out to desktop browsers, in future mobile browsers are likely to support it too.

Beyond signing into websites, WebAuthn combined with another WC3 standard in development, the Payment Request API, will one day make it possible to authorize online purchases from a mobile browser using a fingerprint.

But as it stands, Firefox for the desktop is the first browser to support WebAuthn. According to Mozilla, WebAuthn currently supports security keys like Yubico when plugged into a USB port, but in future it will enable biometric login from mobile devices following a notification issued by a website, so long as the site also supports WebAuthn.

Aligning with Firefox 60’s WebAuthn support, Dropbox this week rolled out support for the standard too.

Dropbox has supported U2F since 2015 but only allowed secure sign-in to Dropbox from Chrome. Dropbox sees potential in WebAuthn because it will allow secure sign-in from more browsers and eventually more devices.

However, for now, Dropbox and Firefox support for WebAuthn doesn’t entirely remove the need for passwords and currently serves as a means of more broadly supporting two-factor authentication.

Also arriving with Firefox 60 is Mozilla’s new money-making scheme “sponsored stories”, courtesy of its acquisition of the read-it-later service, Pocket. However, users can disable sponsored stories if they want.

The feature is rolling out to some US users and will appear in New Tab within Pocket recommendations. Mozilla stresses it is respecting user privacy by generating recommendations on the computer and that browsing history remains private.

Finally, Mozilla has released Firefox Quantum for Enterprise, a version of the browser for business that allows admins to use Group Policy for Windows machines or a JSON file that works for Windows, Mac and Linux.

Organizations can choose the standard Firefox Rapid Release with new features every six weeks or the slower Extended Support Release, which is updated annually.

 

SOURCE

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *