W3C Declares WebAuthn Official
Written by Kay Ewbank   
Friday, 08 March 2019

The World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance have announced that the Web Authentication specification is now an official web standard.

WebAuthn is a browser and platform standard for simpler and stronger authentication. Although it has only just been made official, it's already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari browsers.


Commenting on the new standard, W3C and FIDO said:

"It's common knowledge that passwords have outlived their efficacy. Not only are stolen, weak or default passwords behind 81 percent of data breaches, they are a drain of time and resources."

WebAuthn means you can log into online accounts more securely using biometrics, mobile devices, or FIDO security keys. WC3 is recommending that web services and apps should turn on WebAuthn support to give users the option of logging in using biometrics, mobile devices or FIDO security keys.

Stolen, weak or default passwords behind an estimated 81 percent of data breaches, and traditional multi-factor authentication (MFA) solutions like SMS one-time codes are still vulnerable to phishing attacks, and suffer from low opt-in rates.

This background is behind the move to FIDO2. This combines WebAuthn and FIDO’s corresponding Client-to-Authenticator Protocol (CTAP).

FIDO2 cryptographic login credentials are unique across every website. The biometric information or more standard security info such as passwords never leave the user’s device and are never stored on a server. Users can log in with fingerprint readers, cameras, FIDO security keys, or their personal mobile device.

FIDO 2 also means that because the FIDO keys are unique for each Internet site, they cannot be used to track you across sites. Google announced in February that Android is now FIDO2-certified. For developers, enabling FIDO2 is a matter of a simple API call across all supported browsers and platforms. The FIDO Alliance has provided testing tools and launched a certification program.



More Information

FIDO Certification Program

FIDO2 on FIDO Website

WebAuthn On W3C Website

Developer resources on FIDO Website

Related Articles

Firefox 60 Supports WebAuthn

Fluid Passwords - Never The Same Password

GOTCHA - No More Password Hacking

25 GPUs Crack Passwords In Minutes


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


More Jetpack Compose Updates

The July release of Android Jetpack Compose has some improvements and it is faster, but is it what we want?

Eclipse Releases Theia IDE

The Eclipse Foundation has released Theia IDE, which they say is created for developers seeking a modern, open, and flexible tool for their coding pursuits. The IDE is based on the Theia Platform, whi [ ... ]

More News

kotlin book



or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 08 March 2019 )