PREDICTIVE INTELLIGENCE
Setting out to secure the Internet with WebAuthn
There has never been such a pressing need for
robust security to protect our digital identities as
more and more of both our personal and business
lives move online. Stina Ehrensvärd, CEO and Founder
of Yubico, talks to Intelligent CISO about how the new
standard for web authentication, WebAuthn, could be set to
put an end to account takeovers and stolen credentials.
Recently, the World Wide Web Consortium (W3C)
approved a new standard for secure web
authentication – WebAuthn. WebAuthn is the first global
standard for web authentication and is
on track to be supported by all platforms
and browsers, marking a milestone in
the history of Internet security.
With much of our personal and
business lives now online, the need
for stronger security has never been
more important to protect our digital
identities. With WebAuthn, there is now
a clear path to addressing the problem
behind the vast majority of security
breaches – account takeovers due to
stolen online credentials.
www.intelligentciso.com | Issue 15
What is WebAuthn?
The development of the WebAuthn
specification was more than a three-
year process but it actually represents
the culmination of more than a decade
of innovation and seven years of
standards work.
Starting first with the adoption of the
Universal Second Factor (U2F) standard,
pioneered by Yubico and Google, then
followed by FIDO2 and now WebAuthn,
these standards are a natural evolution
built upon each other to bring together
new important security capabilities for
the modern web:
Phishing resistance: As an evolution
of the U2F standard, WebAuthn uses
asymmetric (public-key) cryptography
and origin-bound key validation to verify
the authenticity of the website where
authentication is taking place. These
built-in security checks significantly
reduce vulnerability to phishing
attacks and the resulting credential theft.
Passwordless login: WebAuthn reduces
reliance on weak passwords by making
it easy for developers to create secure
applications using a choice of stronger
authentication methods. With support
for WebAuthn built into platform and
operating systems, it is now possible
for application developers to upgrade
authentication with a choice of modern
authentication methods.
Modern authentication options:
WebAuthn provides users with the option
to register a choice of authenticators
to their account, including external
hardware security keys as well as built-