A major step forward for better security, privacy and usability on the #Web with the publication of the Web Authentication specification as #CandidateRecommendation w3.org/TR/2018/CR-webauthn-2… #timetoimplement
This tweet is unavailable
Mar 20, 2018 · 2:59 PM UTC
1
5
#WebAuthn enables strong authentication using securely-held public keys with user content, rather than #passwords - given how fragile passwords are, this is a pretty big deal.
2
1
This is not "just" about 2-factor auth - in the future, it should also help replace passwords as 1st auth mechanism.
@mozhacks gives a good intro to the spec hacks.mozilla.org/2018/01/us…
1
The spec use case scenarios illustrate how it all works: w3.org/TR/webauthn/#use-case… - it can be used both during the registration and the authentication phases.
@MozDevNet already has a good overview of how to use the API developer.mozilla.org/en-US/…
1
3
3
It builds upon the Credential Management API which enable Web apps to rely on the browser credential management store w3c.github.io/webappsec-cred…
1
This work has been made possible thanks to the coordination with the @FIDOAlliance that ensured a set of #FIDO2 Client To Authenticator Protocol (#CTAP) implementations
1
1
The API is available in @firefox v60+ and in @googlechromedev v65+ behind a flag, with support limited to USB U2F tokens at the moment.
The spec is developed at github.com/w3c/webauthn/
2
2
9