W3C Declares WebAuthn Official
Written by Kay Ewbank   
Friday, 08 March 2019

The World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance have announced that the Web Authentication specification is now an official web standard.

WebAuthn is a browser and platform standard for simpler and stronger authentication. Although it has only just been made official, it's already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari browsers.


Commenting on the new standard, W3C and FIDO said:

"It's common knowledge that passwords have outlived their efficacy. Not only are stolen, weak or default passwords behind 81 percent of data breaches, they are a drain of time and resources."

WebAuthn means you can log into online accounts more securely using biometrics, mobile devices, or FIDO security keys. WC3 is recommending that web services and apps should turn on WebAuthn support to give users the option of logging in using biometrics, mobile devices or FIDO security keys.

Stolen, weak or default passwords behind an estimated 81 percent of data breaches, and traditional multi-factor authentication (MFA) solutions like SMS one-time codes are still vulnerable to phishing attacks, and suffer from low opt-in rates.

This background is behind the move to FIDO2. This combines WebAuthn and FIDO’s corresponding Client-to-Authenticator Protocol (CTAP).

FIDO2 cryptographic login credentials are unique across every website. The biometric information or more standard security info such as passwords never leave the user’s device and are never stored on a server. Users can log in with fingerprint readers, cameras, FIDO security keys, or their personal mobile device.

FIDO 2 also means that because the FIDO keys are unique for each Internet site, they cannot be used to track you across sites. Google announced in February that Android is now FIDO2-certified. For developers, enabling FIDO2 is a matter of a simple API call across all supported browsers and platforms. The FIDO Alliance has provided testing tools and launched a certification program.



More Information

FIDO Certification Program

FIDO2 on FIDO Website

WebAuthn On W3C Website

Developer resources on FIDO Website

Related Articles

Firefox 60 Supports WebAuthn

Fluid Passwords - Never The Same Password

GOTCHA - No More Password Hacking

25 GPUs Crack Passwords In Minutes


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Anaconda Joins AI Alliance

Anaconda has announced that it is joining the AI Alliance. Anaconda is best known as a provider of open-source distributions of Python and R for scientific computing.

JetBrains Announces Academy AI Festival

JetBrains is running an Academy AI Festival that they describe as a fusion of hands-on learning and inspiring challenges that will provide inspiration for innovation and will advance your understandin [ ... ]

More News

raspberry pi books



or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 08 March 2019 )