The latest version of Firefox “Quantum,” version 60.0, is out, and with it arrives support for password-free logins on the internet. This is made possible by the Web Authentication standard and USB-based security keys like Yubico’s YubiKey devices. Chrome 67will reportedly offer support later this month, followed by Microsoft Edge.
“WebAuthn is a set of anti-phishing rules that uses a sophisticated level of authenticators and cryptography to protect user accounts,” Mozilla explains. “It supports various authenticators, such as physical security keys today, and in the future mobile phones, or biometric mechanisms such as face recognition or fingerprints.”
Yubico offers a variety of standard YubiKeys spanning your typical USB-A and USB-C models that remain plugged into your PC (full-size or nano). Meanwhile, the “Neo” models hook onto your car keys and sport USB-A and NFC connectivity for PCs and Android phones. Yubico’s “FIPS” models are built specifically for government and regulated industries.
With Firefox and a YubiKey in hand, you can create a web-based account using a one-time registration token. The next time you log into that account, you won’t need to enter a password as long as the authenticator is present. Eventually with support for face recognition and fingerprint scanning, all you’ll need is your pretty face or finger.
The benefits of using WebAuthn are tremendous for web surfers. Because it uses encrypted public and private keys, there are no passwords stored in a website’s database. Even more, there’s no password for hackers to scoop on a compromised website, and nothing to intercept as data passes from your PC to the website.
The goal is to authenticate account owners using something that’s physically unique, like their face or fingerprint, and not with letters, numbers, and characters hackers could eventually discover. The standard also wasn’t meant to rely on devices you own for authentication, but they have to suffice for now.
That said, don’t start deleting your passwords just yet. WebAuthn is in its early rollout stages and currently only supports desktop web browsers. But once WebAuthn supports smartphones, switching over from the current two-factor authentication systems is expected to be quick and painless for developers and companies.
Outside new support for WebAuthn, the latest Firefox release provides a wider layout on new tabs, a larger “Top Sites” menu sporting eight icons, and larger “Highlights” icons. The Pocket’s recommendation section now displays an occasional sponsored story as well. Mozilla claims recommendations take place locally on your PC, and thus Mozilla, Pocket, and the associated sponsors aren’t receiving a copy of your browsing history and making recommendations based on that data.
For the enterprise, Firefox 60 now enables IT to customize the browser for the office. Customization can be performed using the Group Policy tool on Windows, or through a JSON file supporting Mac, Linux, and Windows. There’s also a choice of deploying the Rapid Release build that auto-updates roughly every six weeks, or the Extended Support Release that updates once per year. These updates include new features and performance improvements.