A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use.一种新的网络标准或将落幕密码的用于,用户仍然必须忘记指定每个网站和个人设备的账号信息。The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam.这种“网络证书”标准目的用于生物识别和用户有数的设备替代密码,比如安全性密钥、智能手机、指纹扫描仪和网络摄像头。Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.用户需要再行记忆更加冗长的密码,而可以用于身体特征或者有数设备证书其指定信息,通过蓝牙、USB模块或近场通信技术必要已完成在线身份认证。“WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.网络标准机构万维网联盟的董事长杰夫-贾福尔说道:“网络证书能转变人们的网际网路方式。


”One example of how WebAuthn will work is that when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.荐个例子,如果一名用户想要用电脑指定采访一家网站,他们可以输出用户名,之后就不会在智能手机上接到提醒。页面手机上的提示信息就可以成功指定网站,需要输出密码。WebAuthn promises to protect users against phishing attacks and the use of stolen credentials as there will be nothing to steal, the authentication token is generated and used once by their specific device each time the user logs in.“网络证书”标准将使用户需要担忧受到网络钓鱼反击,也不必担忧证书信息被盗用,因为本身就没什么可偷走的。

每次用户指定网站,都会分解特定设备才可用于的重复使用身份认证指令。“After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications,” said Brett McDowell, executive director of the FIDO Alliance, one of the bodies pushing the new standard.推展新标准实施的机构之一FIDO联盟(线上较慢身份认证联盟)的继续执行董事布雷特-麦克道尔说道:“这些年来数据泄漏和密码信息被盗的情况更加相当严重,现在服务提供商是时候完结他们对易受攻击的密码和重复使用密码的倚赖,并在所有网站和应用于中用于可防止网络钓鱼的线上较慢身份认证了。”WebAuthn should also help people use unique login details for each and every service they use, instead of using the same login and password for every site, which many people still do leaving them vulnerable to further attacks if one site is hacked.“网络证书”标准还协助人们为每个设备用于独一无二的指定信息,而不是针对每个网站都用于完全相同的登录名和密码。


如果其中一个网站被黑,很多用户的登录名和密码都有可能遭更进一步反击。The W3C has moved WebAuthn to what’s called the “candidate recommendation” stage – the penultimate step before it becomes an approved web standard – inviting sites and services to begin implementing it. The web standards body announced that Google, Microsoft and Mozilla had committed to supporting WebAuthn, meaning that all major web browsers short of Apple’s Safari will implement the new standard.万维网联盟已将“网络证书”标准列为“候选引荐”阶段,这是互联网标准最后取得接纳、邀网站和设备开始应用于之前的倒数第二个阶段。万维网联盟宣告,谷歌、微软公司和摩斯纳(火狐)已决意致力于反对这一标准,这意味著除了苹果公司的Safari浏览器外,所有的主流浏览器都将实行这一新标准。“While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link,” said Jaffe.贾福尔说道:“尽管互联网安全不存在诸多问题,我们也无法全部解决问题,但倚赖密码是其中最脆弱的环节。

通过网络证书标准的多因素解决方案,我们将避免这一薄弱环节。”Several sites and services already use similar methods to log in, including Google and Facebook, which can both be logged into using a USB security key. But a single cross-platform, cross-service standard ratified by the W3C will mean that many more sites and services will be able to kill the password as the defacto login method.有数数家网站和多种设备用于类似于的指定方式,谷歌和脸书等网站用户可以自由选择用于USB安全性密钥指定。但互联网联盟批准后的单一跨平台、横跨设备标准意味著将有更加多的网站和设备中止密码这种实际指定办法。WebAuthn is the culmination of many years of work and the change will not happen overnight. But as it increasingly seems inevitable that our email or other online services will get hacked into, removing the password is an important step in improving online security and making using sites and services easier.“网络证书”标准是数年成就累积的顶峰,这种转变并非一蹴而就。