I recently read an article about bringing a Web standard for passwords. The general gist of the article was that and I quote “The FIDO Alliance and W3C have launched a Web Authentication standard that makes it easier to offer truly unique encryption credentials for each site. “
The idea is to have a universal standard across the web, so one doesn’t need to sign in with a different password with every website one goes to. So when you go to a specific website instead of a password prompt you’d get a biometric or maybe a usb key in place of the password. Similiarly to how a password works, your usb key or your fingerprint or image are stored somewhere and every website you encounter that requires proof of identity will ping this api when you scan your fingers/facail recognition or the usb key. This would be great for an individual or a small app developers since you can outsource completely your identity securities. For example right now best practice is to outsource it to a larger corporation like facebook or google, but say someone doesn’t have either, that means you would lose out on a whole subset of users or face the daunting task of security management.
With this methodology if it does come to pass, one doesn’t have to limit the users based on what social media or email an indiviual has. It will have a large team securing the servers so security is seplemented by someone else and you don’t have to worry about security or excluding individuals to your app.