X

Firefox moves browsers into post-password future with WebAuthn tech

So you don't have to worry so much about phishing -- at least if websites support the new technology.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
3 min read
Mozilla Firefox icon

A Mozilla Firefox sticker

Stephen Shankland/CNET

With Mozilla's release of Firefox 60 on Wednesday, web browsers will start letting you log into websites without a password -- an important change in authentication technology that could help curtail costly phishing attacks.

Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone's fingerprint reader or the iPhone's Face ID, and some other alternatives to passwords.

Passwords are a particular problem on the web. Fake websites can coax you to type in credentials that then can be used to steal money from your bank account or snoop your email -- a problem called phishing. Even if you pick hard-to-guess passwords, never reuse them on multiple sites and always remember them, passwords still aren't that strong a foundation for security these days. We're still a long way away from a post-password future, but WebAuthn is an important step, if nothing else, in making sites more secure.

"It might be that, in a few years time, a significant number of people have a passwordless experience with at least one site that they use regularly. That'll be exciting," Google security expert Adam Langley said in a March blog post.

One WebAuthn fan is data-sync service Dropbox.

"As a user, you'll enjoy much stronger sign in security on more browsers," Dropbox programmer Brad Girardeau said in a blog post Tuesday. "You can feel confident when signing in that it's really us, and we can be confident it's really you."

With WebAuthn technology, USB security keys like this YubiKey from Yubico can be used in place of a password or in addition to one.

With WebAuthn technology, USB security keys like this YubiKey from Yubico can be used in place of a password or in addition to one.

Yubikey

Mozilla boasts that Firefox is the first browser out of the gate to support WebAuthn, but it's coming to Google's Chrome -- the next version, due this month -- and Microsoft's Edge, too. That should improve web authentication compared to earlier attempts to support the technology.

WebAuthn is "significantly more capable" than earlier attempts to support physical authentication keys, Langley said. Happily, WebAuthn supports earlier authentication hardware, so people who have invested in the technology won't have to start from scratch.

Hello, Firefox advertising

Firefox 60 also introduces new sponsored links -- ads -- on the new-tab page. Only a test group of Firefox users in the US will see them to start as Mozilla refines the technology, but expect it to spread as the nonprofit seeks to diversify revenue sources besides Google and other search engines that pay Mozilla when Firefox sends our queries their way.

Mozilla tried ads on the new-tab page in 2014 but dumped the project because of problems coming up with ads that were a good match. This time, though, Firefox will offer sponsored links based on its own assessment of our interests as informed by its Pocket service, through which you can flag sites you find interesting.

Even if you're not seeing ads on the new-tab page, Firefox will show more personalized suggestions for websites there, Mozilla said.

Quantum speedup goes to mobile Firefox

Firefox 57, released in November, debuted the Firefox Quantum product name to reflect serious changes under the hood to speed up the browser. It's a key part of Mozilla's effort to reclaim relevance and users that Firefox has lost to Chrome.

On Wednesday Firefox 60 for Android phones will get one big piece of the Quantum speed boost, a feature called Stylo to speed up website formatting technology called CSS.

"It takes better advantage of mobile devices with multiple cores that are optimized for low power consumption, which is perfect for anyone on the go," Mozilla said of the Stylo change.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.