FIDO & W3C Debut New, Safer Web Authentication Standard

FIDO Alliance and W3C on Tuesday announced a new web authentication standard, having described it as a major milestone in the cybersecurity segment. W3C's Web Authentication (WebAuthn) solution has been submitted to FIDO to participate in the Candidate Recommendation process of the Web Authentication Working Group, hence being relatively close to being approved. W3C is now also inviting websites and online services to implement its platform moving forward, claiming the solution will deliver an unprecedented level of security and consistency. WebAuthn is available in the form of a regular application programming interface (API), hence being suitable for implementation in a wide variety of use cases.

FIDO contributed to the development of WebAuthn, having supported it as part of the FIDO2 Project. The same initiative also led to the creation of the Client to Authenticator Protocol (CTAP) which supports external authentication solutions including smartphones, being compatible with both physical keys and wireless authentication via NFC or Bluetooth. Combining the two platforms should allow for a maximally secure system that's resistant to phishing and other common attacking vectors while simultaneously not inconveniencing end users. The new authentication standard is already enjoying support from U.S. tech giants such as Google and Microsoft, both of which previously pledged to support it going forward, having now started implementing it into Android, Chrome OS, and Windows. OS X and Linux will also fully support the specification in the near future.

FIDO is now set to start interoperability testing and is planning to begin issuing certificates to authenticators, servers, and clients compliant with FIDO2 standards, having already published guidelines and tools allowing developers to identify whether their solutions are eligible to be certified on its website. Servers that are interoperable with all FIDO authenticator categories will also be able to receive Universal Server certification that FIDO is now looking to introduce, the alliance said.

You May Like These
More Like This:
About the Author
2018/10/2018-10-23.jpg

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now