First browser to give password-free logins
Mozilla yesterday released the latest version of its widespread browser, Firefox 60. It’s the first browser to offer password-free logins, with emerging W3C standard WebAuthn enabled by default. What’s new for businesses and general users?
The pervasiveness of Firefox within enterprises is evident, with many businesses relying on the browser to serve applications and websites to their employees, taking a near 12% usage share (compared with other browsers) in February this year.
Firefox Quantum for Enterprise is a key new feature that enables businesses to deploy a configured instance of Quantum – Mozilla’s high speed browser based on an advanced rendering engine – to employees.
Additionally, this configuration mechanism has been built with suppleness in mind, as it can either be configured using Windows Group Policy, or with JSON.
The latter (JSON configuration) opens up the possibility for firms to reduce their IT costs, as this popular format is known specifically for its verbosity and ease of use – perhaps organisations will employ their development teams to build an interface for such configurations as opposed to hiring specialists to manage these deployments.
Always opt-in tracking protection has also been added to recent versions of the browser, building upon the functionality released two years ago, enabling users to always have tracking protection whilst browsing. Mozilla wants to be known as the browser for privacy, and it will be interesting to see how rival browsers react to these updates.
Quantum comes shipped with the new ‘Quantum DOM’ which optimises rendering performance via parallelism. This simply means that the browser can now more efficiently utilise a user’s hardware to provide better speed in both commonplace and sophisticated web applications. The open source juggernaut states “Firefox is now 2X faster than it was and uses 30% less RAM than Chrome”.
New Security Features
Mime sniffing is used by browsers to infer the content type of data in transit, based on a small sample of the initial bytes of data. This saves system resources from having to read a whole file in order to determine a file type, however attackers cleverly manipulate this by placing malicious scripts deep inside of these data packets, which are ignored due to the sniff assuming that it is normal. The attack is mitigated by adding “X-Content-Type-Options: nosniff” to network requests, however Mozilla previously contained a bug that further complicated this mitigation.
Gladly Firefox’s latest version comes shipped with this bug fixed! So, users can be sure that hackers aren’t sniffing around their packets maliciously.
Password-less Authentication and Public-Key Cryptography
Firefox 60 uses the Web Authentication API to create and consume public-keys, enabling users to authenticate with sites via cryptography. The team says:
“The Web Authentication API (also referred to as WebAuthn) uses asymmetric (public-key) cryptography instead of passwords or SMS texts for registering, authenticating, and second-factor authentication with websites. This resolves significant security problems related to phishing, data breaches, and attacks against SMS texts or other second-factor authentication methods while at the same time significantly increasing ease of use (since users don’t have to manage dozens of increasingly complicated passwords).”
This is good news for users and perhaps a precursor of a password-less web. Exciting times.
Even More than this for the Techies
Not to mention, the release contains additional features, likely to be appreciated by developers such as:
- Default Virtual Reality API enabled for macOS
- Improved Media and WebRTC support
- Native support for ES6 Modules
- Much more
This is a bold and bundled release by Mozilla who continues to push the boundaries of the modern browser as we know it.