A new web standard called WebAuthn will soon remove the need to enter a password each time you log in to a website - and may even mean the end for CAPTCHAs - those evil and (quite literally) twisted codes that annoy everyone but often bar users with a disability.
The problem with passwords
Passwords are not a good approach to securing our online lives. Not only do we need to remember which username or email address we used on a certain website, but we also need to make sure we always devise a cunning password and then make sure we make a note of it.
Everyone experiences the challenge of remembering passwords that are complicated (or should be) and different from site to site. Yours aren’t different you say? Yikes – that’s another major aspect to the problem with passwords. Once someone has got yours for one website, they’re simultaneously into several others. Add to the mix a disability or impairment that makes the practicalities of remembering or retrieving passwords even more problematic, and it’s easy to see the benefits that a new approach might bring.
Another significant flaw in the whole password approach is that, with all that we betray of ourselves on social media and the internet, it’s almost child’s play for someone to masquerade as us when contacting a company to reset a supposedly forgotten password.
Finally putting passwords in the past
This new standard does away with the need for passwords by using some other device – it could be your smartphone, computer or a specialist handheld ‘widget’ – to enable you to confirm that you are who you say you are. We’re all familiar with receiving a code by text or an email with a link we need to click to complete a registration process.
Having to manually enter a code is inconvenient and may include mistakes, but clicking a link is relatively pain-free. This latter approach is in essence what is proposed by WebAuthn – but in a much more seamless way. Being a fully-fledged W3C standard means it won’t involve anything so clunky as email, it will be able to be built right in to the device you would use to provide that all-important authentication.
Got a smartphone? If so, when logging into a website on your computer using this new WebAuthn approach, a simple message will pop up asking you to confirm that you wish to log in and – voila! No need to go into your emails or open an app – the integration on a wide range of devices permanently authorised to approve your login will make it as simple as a click of a button, a tap of a screen or perhaps (for a little added security) the tracing of a special gesture.
Our passwords cannot be forgotten as they will no longer exist - and our online accounts will be as secure as those devices used to provide authentication.
Will WebAuthn kill CAPTCHAs?
And what about the dreaded CAPTCHA? I won’t go into the ins and outs of these critters here – go and read many of my other posts – but surely these scrambled codes that prevent so many disabled people (myself included) from being able to prove we’re human and not robots are just another point at which we are asked to prove that we are who we say we are.
Dear W3C, please say that WebAuthn will kill CAPTCHAs once and for all...
Take Robin's 2 minute CAPTCHA challenge!
Robin Christopherson is AbilityNet's head of digital inclusion. Find more of his blogs here.
Robin is hosting a webinar on the business case for accessibility, this Wednesday (18 April). Find out more now.