New Safari API enables Face ID and Touch ID authentication for websites
Apple in a WWDC presentation on Wednesday detailed a new Safari feature that allows developers to integrate Face ID and Touch ID authentication for the web, replacing common text-based logins.
Currently, iPhone and Mac users can use Face ID and Touch ID to authenticate their identity in compatible iOS apps, typically after an initial login that might require two-step verification. That same functionality is coming to Safari with a new API called Web Authentication.
Like the app process, the upcoming Safari feature allows users to enable Face ID and Touch ID authentication after an "old school" login that involves entering a user name, password and, if necessary, two-factor credentials. Website owners can opt to display a pop-up notification that invites users to default to biometric authentication when next visiting the site.
As detailed in Apple's "Meet Face ID and Touch ID for the web" presentation, the Web Authentication API offers both a streamlined login experience, but also improved security. The standard is resistant to phishing as it restricts public credentials to the website and authenticator that created them. That means users are unable to share said credentials with third parties.
Apple asked developers to begin testing the feature today, urging them to provide feedback on bugs and issues through the Feedback Assistant platform. Face ID and Touch ID for the web should roll out later this year.