WebAuthn, the standard for login without passwords


Today the W3C (the web standards body) and the FIDO Alliance (which is working to provide simpler and stronger authentication to replace passwords) announced that they have finalized the WebAuthn standard for secure passwordless logins.

Against a security backdrop of password theft and data leaks, in May 2016 the W3C Web Authentication working group (WebAuthn) and the FIDO Alliance (Fast IDentity Online) published a draft specification of an authentication standard for browsers, the WebAuthn standard.

Its purpose is to allow any website or online service to use applications, security keys or biometric data as a login instead of passwords, or to use these alternative approaches as a second verification method.

This standard is intended to eliminate the need to enter passwords when users connect to the Internet.

The main objective is to secure access to web applications.

“Now is the time for web services and businesses to embrace WebAuthn to prevent password vulnerability and enhance the security of web users' online experiences,” said Jeff Jaffe.

With these words, the W3C CEO commented on the success of the effort to put an end to passwords.

WebAuthn is now an official web standard, which the two organizations consider an important step in making the web more secure and more usable for users around the world.

Now they are asking online platforms to adopt this new standard.

“Web applications and services can, and should, enable this feature so that their users can more easily connect via biometrics, mobile devices, or FIDO security keys, with much more security than just passwords,” the W3C and the FIDO Alliance jointly argue.

FIDO2 and WebAuthn: a solution to the password problem

FIDO2 brings together the W3C Web Authentication specification and the FIDO Alliance's Client to Authenticator Protocol (CTAP).

With FIDO2 and WebAuthn, the two organizations believe that the global tech community has developed a shared solution to the shared password problem: an easy-to-use defense against password theft, phishing and similar attacks.

FIDO2 would solve all the problems associated with traditional authentication, as explained in the press release from the W3C and the FIDO Alliance:

Security: FIDO2's cryptographic login credentials are unique to each website, and no biometric data or other secrets such as passwords ever leave the user's device or are stored on a server.

This security model eliminates any risk of phishing, all forms of password theft, and "replay" attacks.

Convenience: Users log in with convenient methods such as fingerprint readers, cameras, FIDO security keys, or their mobile devices.

Privacy: Because FIDO keys are unique to each website, they cannot be used to track users across sites.

Scalability: websites can enable FIDO2 with a simple API call on all browsers and platforms.
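
The phishing and "replay" claims above rest on two values the browser places in the signed client data: the origin of the page and a challenge issued by the server. The following is an added example, not code from the W3C, the FIDO Alliance or this article, showing the server-side checks on those two values. The origin, challenge bytes, sample responses and function names are constructed for illustration, and the signature and authenticator data checks that a full verification also performs are left out.

```javascript
// Added example: relying-party checks on the clientDataJSON of a WebAuthn login.
// EXPECTED_ORIGIN, the challenge bytes and the sample responses are constructed.
const EXPECTED_ORIGIN = "https://example.com";

// Challenges the server has issued and not yet seen used (each is single use).
const pendingChallenges = new Set();

function issueChallenge(bytes) {
  // A real server would use fresh random bytes; fixed bytes keep the demo repeatable.
  const challenge = Buffer.from(bytes).toString("base64url");
  pendingChallenges.add(challenge);
  return challenge;
}

// Stand-in for the browser: during navigator.credentials.get() the browser,
// not the page's script, writes the origin into the client data.
function buildClientData(challenge, origin) {
  return Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
}

function checkClientData(clientDataJSON) {
  let data = null;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch { /* falls through to the malformed check below */ }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get") return { ok: false, reason: "wrong type" };
  if (data.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin mismatch" };
  // Set.delete() returns false when the challenge was never issued or already used.
  if (!pendingChallenges.delete(data.challenge)) {
    return { ok: false, reason: "unknown or reused challenge" };
  }
  return { ok: true, reason: "client data accepted" };
}

function demo() {
  const login = buildClientData(issueChallenge([1, 2, 3, 4, 5, 6, 7, 8]), EXPECTED_ORIGIN);
  const first = checkClientData(login);   // fresh challenge, expected origin
  const replay = checkClientData(login);  // same bytes presented a second time
  const other = buildClientData(issueChallenge([9, 10, 11, 12, 13, 14, 15, 16]),
    "https://login.example.net");         // response produced on a different origin
  return { first, replay, otherOrigin: checkClientData(other) };
}

console.log(demo());
```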

WebAuthn will save time and offer security

Citing a 2017 Verizon security study, the W3C and the FIDO Alliance explain that it is now established that passwords have lost their effectiveness.

Default, weak, or stolen passwords not only cause 81% of data breaches, but also waste time and resources.

Referring to a recent study by security key provider Yubico, they also state that users spend 10.9 hours per year entering or resetting passwords, which costs businesses an average of $5.2 million a year.

WebAuthn already has support

WebAuthn is already supported on Windows 10 and Android, as well as in the web browsers Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari (in preview).

This shows that its adoption is on the right track. The FIDO Alliance has also launched a certification program for vendors ready to implement the standard in their browsers or platforms. This will speed up the end of passwords.

Source: www.w3.org

