FIDO2: Moving the World Beyond Passwords using WebAuthn & CTAP

Moving the World Beyond Passwords

FIDO2 is the overarching term for FIDO Alliance’s newest set of specifications. FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

FIDO2 reflects the industry’s answer to the global password problem and addresses all of the issues of traditional authentication:

SECURITYFIDO2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, all forms of password theft and replay attacks.

CONVENIENCEUsers unlock cryptographic login credentials with simple built-in methods such as fingerprint readers or cameras on their devices, or by leveraging easy-to-use FIDO security keys. Consumers can select the device that best fits their needs.PRIVACYBecause FIDO cryptographic keys are unique for each internet site daftar situs judi slot online terpercaya, they cannot be used to track users across sites. Plus, biometric data, when used, never leaves the user’s device.

SCALABILITYWebsites can enable FIDO2 through a simple JavaScript API call that is supported across leading browsers and platforms on billions of devices consumers use every day.

Inside the FIDO2 Specifications

Web Authentication (WebAuthn)

WebAuthn enables online services to use FIDO Authentication through a standard web API that can be built into browsers and related web platform infrastructure. It is a collaborative effort based on specifications initially submitted by FIDO Alliance to the W3C and then iterated and finalized by the broader FIDO and W3C communities. WebAuthn was designated an official web standard in March 2019. It is currently supported in Windows 10 and Android platforms, and Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari web browsers.

WebAuthn allows users to log into internet accounts using their preferred device. Web services and apps can – and should – turn on this functionality to give their users an easier login experience via biometrics, mobile devices and/or FIDO security keys — and with much higher security over passwords alone.

For technical information about the W3C Recommendation, look here.

Client to Authenticator Protocol (CTAP)

CTAP enables expanded use cases over previous FIDO standards. It enables external devices such as mobile handsets or FIDO security keys to work with browsers supporting WebAuthn, and also to serve as authenticators to desktop applications and web services.

For technical details about CTAP, look here.

FIDO2’s relationship with other FIDO specs

The specifications under FIDO2 support existing passwordless FIDO UAF and FIDO U2F use cases and expand the availability of FIDO Authentication. Users that already have external FIDO-compliant devices, such as FIDO security keys, will be able to continue to use these devices with web applications that support WebAuthn. Existing FIDO UAF devices can still be used with pre-existing services as well as new service offerings based on the FIDO UAF protocols.

Testing and Certification

FIDO Alliance provides interoperability testing and certification for servers, clients and authenticators adhering to FIDO2 specifications. Additionally, the Alliance has introduced a new Universal Server certification for servers that interoperate with all FIDO authenticator types (FIDO UAF, WebAuthn, CTAP). As a best practice, the FIDO Alliance recommends online services and enterprises deploy a Universal Server to ensure support for all FIDO Certified authenticators.

WebAuthn + CTAP Flow

Demos from Google and Microsoft

See cross-browser, cross-OS demonstrations of FIDO2 in action

About Me

Senyman

FIDO2: WebAuthn & CTAP