Nhasi iyo W3C (webhu zviyero muviri) uye iyo FIDO Mubatanidzwa (iri kushanda nesimba kuti ipe chokwadi chiri nyore uye chakasimba kutsiva mapassword) hvazivisa kuti vapedzisa iyo WebAuthn chiyero chekuchengetedzeka pasina password.
WebAuthn mamiriro ekuchengetedza anotungamirwa nekuba kwepassword uye kudonhedza dhata izvo, Muna Chivabvu 2016, iyo W3C yewebhu yekusimbisa inoshanda boka (WebAuthn) uye iyo FIDO Alliance (Fast IDentity Online) vakaburitsa dhizaini pane iyo tsananguro yeiyo yekusimbisa standard kune akasiyana mabhurawuza, iyo WebAuthn standard.
Chinangwa chayo kubvumira chero webhusaiti kana yepamhepo sevhisi kushandisa zvishandiso, makiyi ekuchengetedza kana data rebiometric seyakagumira pachinzvimbo chemaphasiwedi kana kushandisa dzimwe nzira senzira yechipiri yekuongorora.
Iyi standard inoitirwa kubvisa kukosha kwekuisa mapassword kana vashandisi vabatana neInternet.
Zvakanaka Chinangwa chikuru ndechekuona kuwanikwa kwewebhu webhu.
Ino ndiyo nguva yekuti masevhisi nevemabhizimusi vagamuchire WebAuthn kudzivirira kusagadzikana kwepassword nekusimudzira kuchengetedzeka kwezviitiko zvevashandisi vewebhu, "akadaro Jeff Jaffe.
Izvo zvine aya mazwi ayo W3C CEO akataura pamusoro pekubudirira kwekuyedza kupedzisa mapassword.
Uye nhasi, nhasi WebAuthn ikozvino yero yepamutemo yewebhu, iyo yavanofunga danho rakakosha mukuita kuti webhu ive yakachengeteka uye ishandiswe nevashandisi pasirese.
Iye zvino ivo vari kukumbira epamhepo mapuratifomu kuti atore iyi itsva standard.
"Webhu kunyorera uye masevhisi anogona, uye anofanirwa, kugonesa chinhu ichi kuitira kuti vashandisi vavo vakwanise kubatana nyore nyore kuburikidza nebiometric, nhare mbozha, kana makiyi ekuchengetedza eFIDO, nekuchengetedzeka kukuru kupfuura mazwi chete. password ", nharo pamwe chete iyo W3C uye iyo FIDO mubatanidzwa.
FIDO2 uye WebAuthn: mhinduro kune dambudziko re password
Kuti uwane ruzivo, FIDO2 inosangana neW3C Webhu Yekusimbisa tsananguro uye iyo FIDO Alliance Client Authentication Protocol (CTAP).
Via FIDO2 uye WebAuthn, iwo masangano maviri anotenda kuti yepasi rese tech nharaunda hyakagadzira mhinduro yakajairika kune iro dambudziko re password- Mhinduro ye ergonomic inopesana ne password yekuba, phishing uye mamwe marudzi ekurwiswa kwerudzi urwu.
FIDO2 yaizogadzirisa matambudziko ese ane hukama neyakavimbika tsika, sezvakatsanangurwa mupepanhau kuburitswa kubva kuW3C uye mubatanidzwa weFIDO:
Chengetedzo: FIDO2's cryptographic login zvitupa zvakasarudzika pane yega yega webhusaiti uye hapana ruzivo rwe biometric kana rumwe ruzivo rwepachivande senge mapassword anobuda mutirumu yemushandisi kana akachengetwa pane server.
Iyi yekuchengetedza modhi inobvisa chero njodzi yekubiridzira, dzese nzira dzekuba password uye "kudzorera" kurwisa.
Nyaradzo: Vashandisi vanobatana nenzira dziri nyore dzakadai sevanoverenga minwe, makamera, makiyi ekuchengetedza eFIDO, kana nharembozha.
Confidentiality: Makiyi eFIDO akasarudzika kune yega yega webhusaiti, haakwanise kushandiswa kuteedzera pamasaiti.
Scalability: mawebhusaiti anogona kugonesa FIDO2 neyakareruka API kufona pane ese mabhurawuza uye mapuratifomu.
WebAuthn ichaponesa nguva uye inopa chengetedzo
Mune 2017 Verizon Security kudzidza, iyo W3C Alliance neFIDO vanotsanangura kuti izvozvi zvakagadziriswa kuti mapassword akarasikirwa nekushanda kwawo.
Default, yakaderera, kana kubiwa mapassword haangokonzere 81% yekutyorwa kwedata, asi zvakare kutambisa nguva nezviwanikwa.
Zvakare kutaura nezvechangobva kuongororwa nekuchengetedzwa kiyi mupi Yubico, zvakadaro inotaura kuti vashandisi vanopedza maawa gumi nemazana mapfumbamwe pagore vachipinda kana kuseta patsva mapassword, ayo anodhura mabhizimusi avhareji yemamiriyoni mashanu emadhora pagore.
WebAuthn yatove nerutsigiro
WebAuthn yatove kutsigira Windows 10 uye Android pamwe newebhu mabhurawuza Google Chrome, Mozilla Firefox, Microsoft Edge, uye Apple Safari (mukutarisa).
Izvi zvinoratidza kuti kutora kwako kuri munzira kwayo. FIDO Alliance yakaparurawo chirongwa chechitupa chevatengesi vakagadzirira kuita zvimiro pamabhurawuza avo kana mapuratifomu. Izvi zvinokurumidzisa kupera kwemaphassword.
mabviro: w3.org