Practical passwordless authentication comes a step closer with WebAuthn

by
Peter Bright
from Ars Technica - All content on (#3MD6P)
pile-of-keys-800x600.jpg

Enlarge (credit: Pablo Viojo / Flickr)

The World Wide Web Consortium (W3C) and FIDO Alliance today announced that a new spec, WebAuthn ("Web Authentication") had been promoted to the Candidate Recommendation stage, the penultimate stage in the Web standards process.

WebAuthn is a specification to allow browsers to expose hardware authentication devices-USB, Bluetooth, or NFC-to sites on the Web. These hardware devices enable users to prove their identity to sites without requiring usernames and passwords. The spec has been developed as a joint effort between FIDO, an industry body that's developing secure authentication systems, and W3C, the industry group that oversees development of Web standards.

With WebAuthn-enabled browsers and sites, users can sign in using both integrated biometric hardware (such as the fingerprint and facial-recognition systems that are widely deployed) and external authentication systems such as the popular YubiKey USB hardware. With WebAuthn, no user credentials ever leave the browser and no passwords are used, providing strong protection against phishing, man-in-the-middle attacks, and replay attacks.

Read 3 remaining paragraphs | Comments

index?i=p-NoKFsrLS4:4pLv0LYTAq4:V_sGLiPB index?i=p-NoKFsrLS4:4pLv0LYTAq4:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments