There are many users who consider passwords as an extreme burden. Remembering different passcodes could be difficult. Therefore WebAuthnan, an authentication protocol for the websites, could help us in that situation by rendering the passwords obsolete. By using biometric data such as fingerprint or face recognition, users can unlock and login into social networking apps or an online shopping platform on their smartphone or computer. In this era, we are very much cautious about our work and security. Privacy is one of the most important things for people these days.
WebAuthn is part of the new FIDO2 standard and aims to make passwords obsolete. Currently, if users want to log in to the service, they only need to provide a username and password. In the future, users could instead authenticate themselves simply by using their devices. To prevent random people who find the lost phone from logging in to it, users must use their smartphone PIN or biometric data to confirm the login process. Leona Lassac explained the problem: "The user seems to use a fingerprint to log in to the online service. In fact, your fingerprint can only unlock the so-called encryption key, which is stored on the user's device and then used to actually log in to the system.
"Nearly 70% of respondents were unsure or wrongly believed that their biometric information was being transferred to the website they were trying to log in to. It is important to clear these misunderstandings because they jeopardize people's willingness to use the new secure login," said Annika Hildebrandt, author of the University of Chicago. Another problem occurs when the fingerprint sensor does not work. Although you can also enter the smartphone PIN as an alternative, nut since the user interface does not clearly explain this option, 60% of users think they will lose access to their account. The researchers also asked whether participants would think their accounts were safe if their smartphones were stolen. 93% of respondents believe that their biometric data is sufficiently secure, but they do not know that attackers can also access their accounts by guessing their smartphone PIN.