Safari 14 new updates on Logins via Face ID and Touch ID & WebExtensions
Apple’s next-generation Safari browser, Safari 14, the version of Apple’s browser that will ship with iOS 14 and macOS Big Sur, will make you use Face ID or Touch ID to log in to websites built to support the feature.
The functionality was confirmed in the browser’s beta release notes, and Apple has shown how the feature works in a WWDC video for developers.
The functionality is built on the WebAuthn component of the FIDO2 standard, developed by the FIDO Alliance. It should start logging into a website as simple as logging into an app secured with Touch ID or Face ID.
Another major upgrade happening to Apple’s Safari 14 is the support for WebExtensions, a technology for building browser extensions. It means that users will undoubtedly be capable of using extensions on Safari, similar to Chrome, Edge, Firefox, and Opera browsers.
WebAuthn is an API that strives to make web logins more accessible and more secure. Unlike passwords, which are often guessed and vulnerable to phishing attacks, WebAuthn uses public-key cryptography and can use security systems like biometrics or hardware security keys to verify your identity.
It’s a standard that unique websites need to add support for, but is supported by the stock browser in iOS has the potential to be a significant boost for adoption.
This isn’t the initial time Apple has supported parts of the FIDO2 standard. Last year’s iOS 13.3 added support for physical FIDO2-compliant security keys with the Safari web browser, and Google began making use of this with its accounts on iOS earlier this month.
These security keys offer more security for your account since an attacker would require physical access to your key to obtaining access to your account.
Support for security keys also developed to Safari on macOS in 2019. However, Safari 14’s functionality should be a lot more seamless, relying on the biometric security that’s built into your Apple device rather than needing a separate piece of hardware in the form of a security key.
The new iOS functionality is comparable to what’s before been added to Android. Google’s mobile OS got FIDO2 certification last year, and the company next made it reasonable to log into some of its services in the Chrome browser on Android without requiring a password.
Apple’s devices have been authorized to use Touch ID and Face ID as part of the online login process in the past. Still, before, this has relied on using the biometric security to autofill previously-stored passwords into websites. Once set up has been done, WebAuthn can be used to bypass the password process, meaning it’s not vulnerable to the identical kinds of attacks that can make passwords insecure.
Face ID- Touch ID support on Apples’s Safari 14
According to the Cupertino, the feature operates with a new Web Authentication API, based on the FIDO2 standard. Apple had confirmed up as a board member of the FIDO Alliance, an organization authorized to eliminating the need for passwords back in February month.
The API intends to make Web logins simpler and more reliable since it relies on biometrics and physical keys to verify users’ identity. Apple last year had combined the support for physical FIDO2-compliant security keys with the Safari Web browser on iOS 13.3.
Apple, which entered the FIDO Alliance earlier this year, joins an expanding list of companies that are throwing their weight behind the FIDO2 standard.
As well as the Google leads detailed above, Microsoft announced intentions to make Windows 10 password-less last year, and it began allowing users to sign into its accounts in its Edge browser using security keys and its biometric Windows Hello security feature back in 2018.