FIDO & W3C Debut New, Safer Web Authentication Standard

Advertisement
Advertisement

FIDO Alliance and W3C on Tuesday announced a new web authentication standard, having described it as a major milestone in the cybersecurity segment. W3C's Web Authentication (WebAuthn) solution has been submitted to FIDO to participate in the Candidate Recommendation process of the Web Authentication Working Group, hence being relatively close to being approved. W3C is now also inviting websites and online services to implement its platform moving forward, claiming the solution will deliver an unprecedented level of security and consistency. WebAuthn is available in the form of a regular application programming interface (API), hence being suitable for implementation in a wide variety of use cases.

FIDO contributed to the development of WebAuthn, having supported it as part of the FIDO2 Project. The same initiative also led to the creation of the Client to Authenticator Protocol (CTAP) which supports external authentication solutions including smartphones, being compatible with both physical keys and wireless authentication via NFC or Bluetooth. Combining the two platforms should allow for a maximally secure system that's resistant to phishing and other common attacking vectors while simultaneously not inconveniencing end users. The new authentication standard is already enjoying support from U.S. tech giants such as Google and Microsoft, both of which previously pledged to support it going forward, having now started implementing it into Android, Chrome OS, and Windows. OS X and Linux will also fully support the specification in the near future.

FIDO is now set to start interoperability testing and is planning to begin issuing certificates to authenticators, servers, and clients compliant with FIDO2 standards, having already published guidelines and tools allowing developers to identify whether their solutions are eligible to be certified on its website. Servers that are interoperable with all FIDO authenticator categories will also be able to receive Universal Server certification that FIDO is now looking to introduce, the alliance said.

Advertisement