Chrome 67 Prepares To Kill Passwords
Once the only way to protect accounts, be they online or offline, passwords are now seen more as a liability than an ally. Everyone's out to kill it, from Apple to Microsoft to, now, Google. The rollout of the Chrome browser version 67 went almost under the radar. That, however, belies what's inside this feature packed release, which includes the beginning of the end for weak passwords using WebAuthn and something like a secure USB key or even your fingerprint.
Despite how long it has been in use, passwords were probably the worst technical solution to security. Humans are particularly bad at creating strong ones, let alone remembering them. Various solutions have popped up over the years, including the now favorite two-factor authentication or 2FA. WebAuthn springs from that, but expands the second factor to more than just ephemeral PIN codes.
Short for Web Authentication, WebAuthn allows the use of devices like USB keys or biometrics like fingerprints to sign into web pages, ZDNet reports. It's pretty much what smartphones and some laptops have enabled for logging into the devices themselves, except now available for websites and online services. Of course, just because Chrome 67 supports it doesn't mean it will happen automagically for all websites. Those still have to explicitly support the WebAuthn API, which is still on its way to becoming a W3C standard.
Google already showed the other features that will be arriving with Chrome 67. There's the Generic Sensors API from Intel, also going to be a standard soon, which gives web apps, specifically games, VR, and AR, access to a device's motion sensors and more. There's also WebXR, the proposed standard for creating both VR and AR (hence XR) experiences that will work on any platform or device that has a standards-compliant browser.
Google Chrome 67 is now out for Windows, Mac, and Linux desktops. In addition to the major features mentioned above, the release also fixes 34 security-related bugs and brings the anti-Spectre Site Isolation mitigation to users.