What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard. Those interested in trying out a Web Authentication API Demo directly through their own browser can access it here.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
In 2019, the world of technology experienced an exciting milestone that some expect will entirely shift the way Internet users securely access their online accounts in just a few years.
In March of 2019, the World Wide Web Consortium (W3C) would ratify a standard known as the Web Authentication API, also referred to as WebAuthn. This standard enables web browsers to securely access websites using strong authenticators. This, in turn, can significantly lessen the risks of online attacks such as data breaches, phishing scams, or two-factor authentication attacks.
The WebAuthn standard is revolutionary. It sets a stage where web service providers can choose to eliminate the use of passwords or receiving of SMS text messages to log in to websites. Subsequently, the user experience becomes safer and easier to navigate because users are no longer required to keep track of every single one of their passwords for each of their accounts.
In the past, sites could use devices similar to Web Authentication API, but they would require specialized, vendor-specific changes to the site. In addition, users would have to install support software onto their laptop or phone to allow communication between the hardware authentication device (the physical security key) and the website.
Now, with WebAuthn, the ability for web services and devices to communicate through a browser is standardized into a well-known application programming interface (API). Website implementers need only know their part of the API while Web Authentication vendors can have broader support for their devices across more online services.
Several key players in the tech industry are combining their efforts in continuing the building of Web Authentication API: including Google, Microsoft, Yubico, and other authoritative entities in the field.
Why is WebAuthn important?
Strong Authenticators are already experiencing astounding success. Take Google, for example. In 2019, Google required all of its employees to utilize strong authenticators as the primary method of accessing their accounts in place of passwords and temporary codes. Ever since this security standard was implemented, not one of the 85,000 employees has been subject to a phishing attack.
This is revolutionary, considering that the 2019 Verizon Data Breach Investigations Report concludes 93% of data breaches were the result of phishing and pretexting.
With undeniable examples such as these, leaders in the IT industry are already recommending that WebAuthn API should be the standard followed by the conglomerate of browser creators.
How does it work?
The Web Authentication standard lays out the groundwork for standardized access to hardware security modules directly from a user’s browser.
The tool uses public key cryptography – meaning anyone can encrypt a message with a public key belonging to the receiver, and the message can only be decrypted by means of the receiver’s private key.
Mozilla.org
In practice, WebAuthn API could present itself in a variety of forms – all utilizing pairs of both public and private keys. When in the process of registering for a site or logging into an existing account, users could plug a USB device into their computer that would then grant them access to the site without the use of a password.
User’s cell phones could also function as the device that would connect to the computer (instead of a USB device). Then, it would allow a user to log in to their account or register for one.
Another method could present itself as a user visiting ‘example.net’ on their computer to register an account. After the user clicks to submit their request for registration, they would receive a notification on their phone prompting them to confirm they were indeed attempting to register an account on ‘example.net.’ After the user confirms their registration attempt, their phone would then display either a short PIN to type into the webpage on their computer or a request to scan their fingerprint/face. After this confirmation, the registration process would be complete and the user would be granted entry to the site. This method would apply for the login process, as well.
When will it become available?
At the time of this article’s publication, May 2019, the standard is projected to be a mainstream service in the next few years.
While this standard has been tested on small sample sizes and heavily discussed in the IT industry, more testing and development must be completed before it is per diem practice for most web applications.
Several demos of Web Authentication are currently available to the public. Users may access and utilize these demos to understand how this standard securely stores account data and prevents unauthorized users from being able to access an authorized user’s account.
Final thoughts on WebAuthn (For Now)
As an IT Advisory company specializing in security, Digital Maelstrom is eager to see the day Web Authentication is adopted across all web browsers.
This standard, as already demonstrated, is expected to greatly increase the security of accounts for online services that employ Web Authentication. We hope to see companies implement this standard of authentication to their web pages so that users can be confident that their accounts are safe from being hacked.
As this is a developing story, we will be posting updates throughout the growth of the technology to keep readers up to date on the development of WebAuthn.
For those interested in learning more, the Guide to Web Authentication by Suby Raman provides another holistic understanding of the standard.
What are your thoughts on Web Authentication? When do you expect web developers to begin implementing this standard across web browsers? Do you have a web service and have questions about seeing WebAuthn implemented onto your site? Reach out and let us know your thoughts!
[/vc_column_text][/vc_column][/vc_row]