This really is great news and very overdue. It seems the W3C are releasing standards that will mean we no longer have a nagging sense of guilt that our passwords are all the same.
Quite apart from the inherent risks that having weak passwords present, the knowledge that your own failing no longer leaves you open to the abuse of a valuable swathe of your life will come as a huge relief to most of us.
Another effect of these changes will be to make services that are simultaneously web and mobile more common. Once we get used to authenticating on a different device from the one we're logging in on, it'll be much more normal to post information from one device to another for ease of use.
For example, reading on a tablet is much nicer than on a laptop but writing is typically harder. Hence posting in either direction, within an application, to enable different tasks makes sense.
This may be a step toward a wave of services that are no longer simply mobile-first but address all devices together to deliver the best experience.
A new web standard is expected to kill passwords, meaning users will no longer have to remember difficult logins for each and every website or service they use. The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or webcam. Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC. “WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.