Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

FIDO Alliance and W3C Achieve Major Standards Milestone in Global Effort Towards Stronger Authentication on the Web

April 2018 by Emmanuelle Lamandé

The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a major standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world.

The W3C has advanced Web Authentication (WebAuthn), a collaborative effort based
on Web API specifications submitted by FIDO to the W3C, to the
Candidate Recommendation (CR) stage. The CR is the product of
the Web Authentication Working Group, which is comprised of
representatives from over 30 member organizations. CR is a
precursor to final approval of a web standard, and the W3C has
invited online services and web app developers to implement WebAuthn.

WebAuthn defines a standard web API that can be incorporated
into browsers and related web platform infrastructure which
gives users new methods to securely authenticate on the web, in
the browser and across sites and devices. WebAuthn has been
developed in coordination with FIDO Alliance and is a core
component of the FIDO2 Project along with FIDO’s Client
to Authenticator Protocol (CTAP) specification. CTAP enables an
external authenticator, such as a security key or a mobile
phone, to communicate strong authentication credentials locally
over USB, Bluetooth or NFC to the user’s internet access device
(PC or mobile phone). The FIDO2 specifications collectively
enable users to authenticate easily to online services with
desktop or mobile devices with phishing-resistant security.

Google, Microsoft, and Mozilla have committed to supporting the
WebAuthn standard in their flagship browsers and have started
implementation for Windows, Mac, Linux, Chrome OS and Android
platforms. Both the WebAuthn and CTAP specifications
are available today, enabling developers and vendors to get a
jumpstart on building support for the next generation of FIDO
Authentication into their products and services.

The completion of the FIDO2 standardization efforts, promotion
of WebAuthn along the W3C standards track, and the commitment
of leading browser vendors to implementation opens a new era of
ubiquitous, hardware-backed FIDO Authentication protection for
everyone using the internet.

Enterprises and online service providers looking to protect
themselves and their customers from the risks associated with
passwords — including phishing, man-in-the-middle attacks and
the abuse of stolen credentials — can soon deploy
standards-based strong authentication that works through the
browser or via an external authenticator. Deploying FIDO
Authentication enables online services to provide choice to
users from an interoperable ecosystem of devices people use
every day like mobile phones and security keys.

The standardization of the new FIDO2 specifications in browsers
and operating systems will further expand the reach of FIDO
Authentication, which is referenced by regulators and
standards-setting bodies worldwide and is already available on
hundreds of millions of devices and offered to more than 3.5
billion user accounts worldwide through services from companies
such as Google, Facebook, NTT DOCOMO, Bank of America and many
more. The new specifications complement existing passwordless
FIDO UAF and second-factor FIDO U2F use cases, and expand the
availability of FIDO Authentication. FIDO2 web browsers and
online services are fully backwards compatible with all
previously certified FIDO Security Keys.

FIDO will soon launch interoperability testing and will issue
certifications for servers, clients and authenticators adhering
to FIDO2 specifications. The conformance test tools are
available on FIDO’s website. Additionally, FIDO will
introduce a new Universal Server certification for servers that
interoperate with all FIDO authenticator types (FIDO UAF, FIDO
U2F, WebAuthn, CTAP).


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts