The Web Authentication API (WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Microsoft, Mozilla, Yubico, and others. This API allows users to be authenticated using public key cryptography.
FIDO WebAuthn is the most secure and usable authentication method on the web right now. Some key reasons for this: it minimizes login friction, since a simple and familiar gesture lets users authenticate; it is the only web authentication method that is phishing resistant; and it is standards-based and implemented across browsers and operating systems.
FIDO WebAuthn allows users to authenticate with two types of authenticators, namely roaming authenticators and platform authenticators. Roaming authenticators are removable and cross-platform, such as a YubiKey, and can be used on multiple devices. To authenticate with a roaming authenticator, you connect it to the device (through USB, Bluetooth, or NFC), provide proof of presence (for instance by touching it), and optionally provide user verification, for instance by entering a PIN.
On the other hand, platform authenticators are built into a device and only work on that particular device. Good examples are Windows Hello, the MacBook’s Touch Bar, iOS Touch ID/Face ID, and Android’s fingerprint/face recognition. Biometric data is stored on the device and is never sent to the server. When biometrics cannot be used, alternative authentication methods are usually provided. For instance, if you are wearing a mask, you can enter your passcode instead of using Face ID.
WebAuthn works by generating a private/public key pair for each web origin; the key pair is kept on the device or security key and registered with that origin. Because the key pair is bound to the domain, users are protected from phishing attacks: if an attacker tricks them into using FIDO WebAuthn on a different domain, the authenticator won’t have a key pair for that domain and authentication will fail. The attacker won’t get any data that can identify the user.
For more information on FIDO Authentication with WebAuthn, visit our website at https://loginid.io/