W3C Declares WebAuthn Official
Written by Kay Ewbank   
Friday, 08 March 2019

The World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance have announced that the Web Authentication specification is now an official web standard.

WebAuthn is a browser and platform standard for simpler and stronger authentication. Although it has only just been made official, it's already supported in Windows 10, Android, and Chrome, Firefox, Edge and Safari browsers.

webauthn

Commenting on the new standard, W3C and FIDO said:

"It's common knowledge that passwords have outlived their efficacy. Not only are stolen, weak or default passwords behind 81 percent of data breaches, they are a drain of time and resources."

WebAuthn means you can log into online accounts more securely using biometrics, mobile devices, or FIDO security keys. WC3 is recommending that web services and apps should turn on WebAuthn support to give users the option of logging in using biometrics, mobile devices or FIDO security keys.

Stolen, weak or default passwords behind an estimated 81 percent of data breaches, and traditional multi-factor authentication (MFA) solutions like SMS one-time codes are still vulnerable to phishing attacks, and suffer from low opt-in rates.

This background is behind the move to FIDO2. This combines WebAuthn and FIDO’s corresponding Client-to-Authenticator Protocol (CTAP).

FIDO2 cryptographic login credentials are unique across every website. The biometric information or more standard security info such as passwords never leave the user’s device and are never stored on a server. Users can log in with fingerprint readers, cameras, FIDO security keys, or their personal mobile device.

FIDO 2 also means that because the FIDO keys are unique for each Internet site, they cannot be used to track you across sites. Google announced in February that Android is now FIDO2-certified. For developers, enabling FIDO2 is a matter of a simple API call across all supported browsers and platforms. The FIDO Alliance has provided testing tools and launched a certification program.

webauthn 

 

More Information

FIDO Certification Program

FIDO2 on FIDO Website

WebAuthn On W3C Website

Developer resources on FIDO Website

Related Articles

Firefox 60 Supports WebAuthn

Fluid Passwords - Never The Same Password

GOTCHA - No More Password Hacking

25 GPUs Crack Passwords In Minutes

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Plotly Adds Offline Only Mode
01/08/2019

Plotly.py has been updated with improvements including an offline only mode and the inclusion of Plotly Express. Plotly.py is a Python data visualization framework best known for being used for the gr [ ... ]



Scratch 3 Desktop for Raspbian on Raspberry Pi Released
19/08/2019

The Raspberry Pi Foundation has released an offline implementation of Scratch 3.0 than runs under Raspbian Buster and performs best on the 2GB Raspberry Pi 4. 


More News

appC

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 08 March 2019 )