A look at password security, Part IV: WebAuthn

As discussed in part III, public key authentication is great in principle, but in practice it has been hard to integrate into the Web environment. However, we're now seeing deployment of a new technology called WebAuthn (short for Web Authentication) that hopefully changes that.

Previous approaches to public key authentication required the browser to provide the user interface. For a variety of reasons (the interfaces were bad, the sites wanted to control the experience), this didn't work well for sites, and public key authentication didn't get much adoption. WebAuthn takes a different approach, which is to provide a JavaScript API that the site can use to do public key authentication via the browser.

The key difference here is that previous systems tended to operate at a lower layer (typically HTTP or TLS), which made it hard for the site to control how and when authentication happened. By contrast, a JS API puts the site in control, so it can ask for authentication when it wants to (e.g., after showing the home page and prompting for the username).
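
The site-controlled flow described above, as an added example that is not code from the original post: the page calls `navigator.credentials.get()` at a moment it chooses, then the server checks the returned client data before verifying the signature. The function names, the `server` object shape and the sample values are assumptions; the server-side check goes slightly beyond what the excerpt covers.

```javascript
// Added example, not code from the original post. Function names, the shape
// of `server` and all sample values are illustrative assumptions.

// Decode the base64url strings a server would typically send as JSON.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Build the argument for navigator.credentials.get() from server-issued values.
function buildRequestOptions(server) {
  return {
    publicKey: {
      challenge: b64urlToBytes(server.challenge), // fresh per login attempt
      rpId: server.rpId,                          // scopes the assertion to this site
      allowCredentials: server.credentialIds.map((id) => ({
        type: 'public-key',
        id: b64urlToBytes(id),
      })),
      userVerification: 'preferred',
      timeout: 60000,
    },
  };
}

// Called by the page when it decides to, e.g. after the username form is
// submitted. `credentials` is navigator.credentials in a browser; it is a
// parameter here so the flow can be exercised without one.
async function loginAfterPrompt(server, credentials = globalThis.navigator?.credentials) {
  if (!credentials) throw new Error('WebAuthn is not available');
  const assertion = await credentials.get(buildRequestOptions(server));
  // The page would POST these fields to its server for verification.
  return {
    id: assertion.id,
    clientDataJSON: assertion.response.clientDataJSON,
    authenticatorData: assertion.response.authenticatorData,
    signature: assertion.response.signature,
  };
}

// Server-side checks on clientDataJSON, done before signature verification:
// right ceremony type, the challenge this server issued, and the exact origin.
function checkClientData(clientDataJSON, expected) {
  const data = JSON.parse(new TextDecoder().decode(clientDataJSON));
  return data.type === 'webauthn.get' &&
    data.challenge === expected.challenge &&
    data.origin === expected.origin;
}
```

Signature verification against the stored public key is omitted; the checks shown only reject responses for the wrong ceremony type, a stale challenge or a different origin.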



News Link: https://blog.mozilla.org/blog/2020/08/20/password-security-part-iv-webauthn/.