[Tips & Tutorials] [Mi Knowledge Hub #4] All About WebAuthn : Say Hello To a Password-Free Future!

2019-05-11 03:06:13

Hello Mi Fans,


Passwords have become major irritants both for users and for the security teams that have to support them. Remembering credentials for dozens of sites is difficult, so many people tend to reuse passwords on multiple sites, meaning that if a password is stolen or compromised in a data breach, many separate accounts could be jeopardized. There have been a number of different efforts to address this problem, from password managers to biometrics, but none has become the one overarching solution to the problem.

In an era of data breaches and dumps, it has become crucial to shift to a new paradigm that doesn’t depend on passwords for using internet services. To offer stronger authentication all over the web, the FIDO Alliance and the World Wide Web Consortium (W3C) are launching a new standard called Web Authentication (WebAuthn).


What is WebAuthn?

WebAuthn defines the standard for a Web API that can be incorporated into browsers and web platform infrastructure to provide new ways to authenticate securely on the web with the help of browsers and devices. The Web Authentication (WebAuthn) standard is designed to replace the password with biometrics and devices that users already own, such as a security key, a smartphone, a fingerprint scanner or a webcam.

Instead of having to remember an increasingly long string of characters, users can authenticate their login with their body or something they have in their possession, communicating directly with the website via Bluetooth, USB or NFC.



“WebAuthn will change the way that people access the Web,” said Jeff Jaffe, chief executive of the World Wide Web Consortium (W3C), the body that controls web standards.

How Will WebAuthn Work?

WebAuthn is developed by the W3C in coordination with the FIDO Alliance, and it is a primary part of the FIDO 2 project along with FIDO’s Client to Authenticator Protocol (CTAP) specification. CTAP comes into play when an external authenticator communicates with the user’s internet device: an external authenticator such as a mobile phone has to communicate locally with the user’s internet device using strong credentials. The FIDO 2 project enables users to authenticate to online services from mobile devices or desktops with enhanced, phishing-resistant security.

Instead of entering passwords, WebAuthn allows users to sign in using a fingerprint, a retina scan or other biometric data stored in a smartphone, or even using a hardware key plugged into their laptop or a dedicated app. While it is already available to users, browser makers’ support will bring a major breakthrough, pushing for a password-free internet.


One example of how WebAuthn will work: when a user visits a site they want to log into, they input a user name and then get an alert on their smartphone. Tapping on the alert on their phone then logs them into the website without the need for a password.

WebAuthn promises to protect users against phishing attacks and the use of stolen credentials, as there will be nothing to steal: the authentication token is generated and used once by their specific device each time the user logs in.

WebAuthn should also help people use unique login details for each and every service they use, instead of using the same login and password for every site, which many people still do, leaving them vulnerable to further attacks if one site is hacked.


“After years of increasingly severe data breaches and password credential theft, now is the time for service providers to end their dependency on vulnerable passwords and one-time-passcodes and adopt phishing-resistant FIDO Authentication for all websites and applications,” says Brett McDowell, executive director of the FIDO Alliance.

Benefits Of WebAuthn

Simpler authentication: users simply log in with a single gesture using:

  • Internal or built-in authenticators (such as fingerprint or facial biometrics) in PCs, laptops and/or mobile devices
  • Convenient external authenticators, such as security keys and mobile devices, for device-to-device authentication using CTAP, a protocol for external authenticators developed by the FIDO Alliance that complements WebAuthn

Stronger authentication: FIDO Authentication is much stronger than relying only on passwords and related forms of authentication, and has these advantages:

  • User credentials and biometric templates never leave the user’s device and are never stored on servers
  • Accounts are protected from phishing, man-in-the-middle and replay attacks that use stolen passwords

Application of WebAuthn

Google, Mozilla, and Microsoft have started to support the WebAuthn standard in their browsers and have started implementation for the Windows, Linux, Chrome and Mac platforms. Both the CTAP and WebAuthn specifications are available today, which will enable developers to build support for the next generation of FIDO authentication into their products.


Online services and enterprises that are looking to protect themselves and their customers from the risks related to passwords, which include phishing, stolen credentials and several other attacks, can soon start using a standard authentication process that will work through the browser or an external authenticator. So, deploying the FIDO Authenticator can let users choose how they access a service across various devices.

The standards of the FIDO 2 project will reach out across the globe, and many companies have pledged to start implementing the FIDO authenticator in their browsers and operating systems. Simultaneously, FIDO will also launch certificates for the servers and authenticators that adhere to the FIDO standards.


Though this does not mean an immediate or even a near-future end of passwords, this is one of the first tangible steps towards an Internet standard being implemented for a future


How Do You Feel About Ditching Passwords and Welcoming This New Web Standard?


Source: 1, 2, 3
Image source: Google
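
The login flow and the phishing and replay protection described in the post, as an added example that is not part of the original post: a simulated authenticator signs a one-time server challenge together with the origin the browser reports, and the server checks both. The names `login.example`, `login-example.test`, `makeAuthenticator`, `issueChallenge` and `verifyAssertion` are constructed for illustration; the signed layout (authenticator data followed by the SHA-256 of the client data) follows the WebAuthn specification.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");

const RP_ID = "login.example";            // constructed relying-party ID
const ORIGIN = "https://login.example";   // constructed origin the server expects
const sha256 = (data) => createHash("sha256").update(data).digest();

// Device side: the private key is created on the device and never leaves it.
function makeAuthenticator() {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
  // The browser supplies the origin it is actually on; the page cannot override it.
  const getAssertion = (challenge, origin) => {
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
    // authenticatorData = SHA-256(rpId) || flags (0x05: present + verified) || counter (0)
    const rpIdHash = sha256(new URL(origin).hostname);
    const authenticatorData = Buffer.concat([rpIdHash, Buffer.from([0x05]), Buffer.alloc(4)]);
    const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
    return { clientDataJSON, authenticatorData, signature: sign("sha256", signed, privateKey) };
  };
  return { publicKey, getAssertion }; // only the public key is registered with the site
}

// Server side: each challenge is random and accepted exactly once.
const pendingChallenges = new Set();
function issueChallenge() {
  const challenge = randomBytes(32);
  pendingChallenges.add(challenge.toString("base64url"));
  return challenge;
}

function verifyAssertion(publicKey, { clientDataJSON, authenticatorData, signature }) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (!pendingChallenges.delete(client.challenge)) return "unknown or reused challenge";
  if (client.origin !== ORIGIN) return "origin mismatch";
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  if ((authenticatorData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify("sha256", signed, publicKey, signature) ? "ok" : "bad signature";
}

function demo() {
  const device = makeAuthenticator();
  const assertion = device.getAssertion(issueChallenge(), ORIGIN);
  const first = verifyAssertion(device.publicKey, assertion);
  const replay = verifyAssertion(device.publicKey, assertion); // same response again
  const lookalike = device.getAssertion(issueChallenge(), "https://login-example.test");
  return { first, replay, lookalike: verifyAssertion(device.publicKey, lookalike) };
}
```

Calling `demo()` shows the genuine login accepted, the captured response rejected on its second use, and the response produced on the look-alike origin rejected even though the user's own device signed it.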



Device team

$huvo | from Redmi 4

#1

Let's see what happens in near future
2019-05-11 04:12:54
Thanks for sharing
2019-05-11 04:25:31

Wizard Bunny

georan. | from Redmi Note 5 Pro

#3

Good... if it's come then will safe our security
2019-05-11 05:47:52

Beta Team-Global

deepaksoni8 | from Redmi 6 Pro

#4

thanks for sharing
2019-05-11 07:24:23

News Reporter

ᎮᏒᎥᏁፈᏋ | from Redmi Note 4X

#5

well Explained thank you for sharing
2019-05-11 08:48:54

Pro Bunny

Erdinçer | from MI MAX 2

#6

Thanks for sharing
2019-05-11 11:05:15

Grand Master Bunny

Seragios | from Redmi 5

#7

Thanks for sharing
2019-05-11 11:43:01

Master Bunny

NDaru.NDGOLL | from Redmi 5 Plus

#8

Thank you for sharing
2019-05-11 12:05:41
Very Nice. Thanks
2019-05-11 12:08:28

Wizard Bunny

Manu33xtro | from app

#10

very informative, thanks
2019-05-11 12:27:35
MIUI, the Best of course