Date:01/08/18
Microsoft is doing its bit for the industry-wide push for the Web Authentication specification that could help kill passwords on the web.
Microsoft Edge, though not as popular as Chrome or Firefox, has made progress on its side of the push for a web without passwords.
“With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords,” Microsoft announced.
As Microsoft rightly points out, today’s websites are trusted to handle all manner of personally identifiable information, from credit card numbers, addresses and even medical records. The frequency of password beaches, password re-use, phishing, and inconsistent and confusing password rules hardly make it the ideal way to protect sensitive information online.
WebAuthn, the W3C standard in-the-making, could be the answer to this problem so long as lots of relevant websites get on board with the program too and support having biometrics stored on phones or security keys —such as YubiCo’s Yuibikey or Google’s new Titan key — offering an alternative to typing in a password.
The relatively new standard builds upon and is compatible with the Universal 2nd Factor (U2F) technology from the FIDO Alliance, which only allows users to sign in to websites with a Yubikey dongle as a second factor. The drawback is that it is only supported by Google Chrome.
Shortly after Firefox supported WebAuthn, Dropbox switched on support for WebAuthn. Since it previously enabled two-factor authentication from Chrome using U2F, Firefox users could also use a Yubikey security key as a second factor.
And while U2F has been adopted mostly by enterprise users, WebAuthn is aimed at consumers and has broader browser support, which started with Firefox 60, followed in Chrome 67 and was expected by Microsoft Edge. Apple Safari support for WebAuthn is under consideration and several WebKit developers are on the standard’s working group.
Microsoft will be introducing its WebAuthn implementation in the next version of Windows 10 due out around October and is part of the Windows 10 Insider Preview Build 17723 (Redstone 5), released last week.
As Firefox currently only supports security keys, Microsoft highlights that it currently has the broadest support available — albeit in a preview version of Windows 10 for Windows Hello users.
The W3C announced in March that WebAuthn had, with support of the FIDO Alliance, reached Candidate Recommendation (CR) as a specification, meaning it was well along to becoming an official specification.
“Microsoft Edge supports the CR version of Web Authentication. Our implementation provides the most complete support for Web Authentication to date, with support for a wider variety of authenticators than other browsers,” said Microsoft.
"Windows Hello allows users to authenticate without a password on any Windows 10 device, using biometrics—face and fingerprint recognition—or a PIN number to sign in to web sites. With Windows Hello face recognition, users can log in to sites that support Web Authentication in seconds, with just a glance.”
Microsoft Edge goes all in on password-less WebAuthn
Microsoft is doing its bit for the industry-wide push for the Web Authentication specification that could help kill passwords on the web.Microsoft Edge, though not as popular as Chrome or Firefox, has made progress on its side of the push for a web without passwords.
“With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords,” Microsoft announced.
As Microsoft rightly points out, today’s websites are trusted to handle all manner of personally identifiable information, from credit card numbers, addresses and even medical records. The frequency of password beaches, password re-use, phishing, and inconsistent and confusing password rules hardly make it the ideal way to protect sensitive information online.
WebAuthn, the W3C standard in-the-making, could be the answer to this problem so long as lots of relevant websites get on board with the program too and support having biometrics stored on phones or security keys —such as YubiCo’s Yuibikey or Google’s new Titan key — offering an alternative to typing in a password.
The relatively new standard builds upon and is compatible with the Universal 2nd Factor (U2F) technology from the FIDO Alliance, which only allows users to sign in to websites with a Yubikey dongle as a second factor. The drawback is that it is only supported by Google Chrome.
Shortly after Firefox supported WebAuthn, Dropbox switched on support for WebAuthn. Since it previously enabled two-factor authentication from Chrome using U2F, Firefox users could also use a Yubikey security key as a second factor.
And while U2F has been adopted mostly by enterprise users, WebAuthn is aimed at consumers and has broader browser support, which started with Firefox 60, followed in Chrome 67 and was expected by Microsoft Edge. Apple Safari support for WebAuthn is under consideration and several WebKit developers are on the standard’s working group.
Microsoft will be introducing its WebAuthn implementation in the next version of Windows 10 due out around October and is part of the Windows 10 Insider Preview Build 17723 (Redstone 5), released last week.
As Firefox currently only supports security keys, Microsoft highlights that it currently has the broadest support available — albeit in a preview version of Windows 10 for Windows Hello users.
The W3C announced in March that WebAuthn had, with support of the FIDO Alliance, reached Candidate Recommendation (CR) as a specification, meaning it was well along to becoming an official specification.
“Microsoft Edge supports the CR version of Web Authentication. Our implementation provides the most complete support for Web Authentication to date, with support for a wider variety of authenticators than other browsers,” said Microsoft.
"Windows Hello allows users to authenticate without a password on any Windows 10 device, using biometrics—face and fingerprint recognition—or a PIN number to sign in to web sites. With Windows Hello face recognition, users can log in to sites that support Web Authentication in seconds, with just a glance.”
Views: 809
©ictnews.az. All rights reserved.
Similar news
- Analysis: New Internet rules will spawn battle for "dots"
- Global software market to bounce back in 2011
- Gartner: Top security vendors are losing market share
- UK health firm signs £1.3m deal for new financial management software
- Suspected LulzSec and Anonymous members arrested in UK
- Dutch study possible Iran hacking of government web sites
- Turkish net hijack hits big name websites
- Coverity software testing package ensures search for God Particle stays on track
- Progress Revolution 2011: IT must focus on adaptability
- French Postal Service Implements Cameleon Software
- Microsoft targets $520bn intelligent device market with next version of Windows Embedded
- Increase in Azerbaijani software market hits 25 percent in 2011
- Microsoft shuffles execs to better manage Windows 8, smartphone ops
- Adobe Q4 profit falls 35%
- Worldwide Database and Data Integration Software Market Expected to Grow 11.6% in 2011, According to IDC
