Going passwordless with WebAuthn

Somebody you know (or you) has the password 123456 or password.

Somebody you know (or you) uses the same password across different accounts.

Somebody you know (or you) has had their passwords exposed in breached databases.

Long story short, passwords are often extremely easy to figure out and therefore pose a serious risk to the security of networks, users, and data. A solution to this problem is to go passwordless. Leading the charge is WebAuthn, a standard for achieving secure, passwordless login.

What is WebAuthn?

The Web Authentication API, or WebAuthn for short, is a specification maintained by W3C and the FIDO foundation. Using WebAuthn, applications can increase security to prevent phishing attacks and improve user experiences with passwordless authentication. You can also use WebAuthn as an additional factor in a Multi-Factor Authentication (MFA) configuration.

How does WebAuthn work?

Instead of using a password for a web app, WebAuthn has Public Key Infrastructure (PKI) as its foundation: a public/private keypair is created, the web app holds the public key, and the private key can be stored in a device the user controls. This device could be, for example, the crypto module on a computer, a mobile device, or a physical key like a YubiKey. The keypair is unique to each web app and, as such, does not work with a different web app. This makes WebAuthn very resistant to phishing attacks in which credentials are captured via a malicious app and then used for access in the actual app.
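The checks a web app runs on a WebAuthn login, as an added example (not code from the original article, Curity or Yubico), showing why a credential created for one app is rejected by another. The in-memory authenticator, the relying party app.example and the look-alike app-example.test are constructed for illustration.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");
const sha256 = (data) => createHash("sha256").update(data).digest();

// Toy browser + authenticator (constructed): one ECDSA P-256 keypair per relying-party ID.
function makeAuthenticator() {
  const keys = new Map();
  const keyFor = (rpId) => {
    if (!keys.has(rpId)) keys.set(rpId, generateKeyPairSync("ec", { namedCurve: "P-256" }));
    return keys.get(rpId);
  };
  return {
    register: (rpId) => keyFor(rpId).publicKey,
    // In a real browser the origin is written by the browser, not by the page's script.
    assert(rpId, origin, challenge) {
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
      // authenticatorData: rpIdHash (32) | flags (1, 0x01 = user present) | signCount (4)
      const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      return { clientDataJSON, authenticatorData,
               signature: sign("sha256", signed, keyFor(rpId).privateKey) };
    },
  };
}

// Relying-party checks on a login assertion; returns "ok" or the first failed check.
function verifyAssertion(a, { rpId, origin, challenge, publicKey }) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad type";
  if (client.challenge !== challenge.toString("base64url")) return "bad challenge";
  if (client.origin !== origin) return "bad origin";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(rpId))) return "bad rpIdHash";
  if ((a.authenticatorData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

// Constructed scenario: the same challenge answered on the real site and on a look-alike.
function demo() {
  const authn = makeAuthenticator();
  const rp = { rpId: "app.example", origin: "https://app.example",
               challenge: randomBytes(32), publicKey: authn.register("app.example") };
  const genuine = authn.assert("app.example", "https://app.example", rp.challenge);
  // Response produced on the look-alike origin: different origin, different keypair.
  const relayed = authn.assert("app-example.test", "https://app-example.test", rp.challenge);
  // Correct-looking fields with the other site's signature still fail: the key is per app.
  const swapped = { ...genuine, signature: relayed.signature };
  return [genuine, relayed, swapped].map((a) => verifyAssertion(a, rp));
}
```

Calling demo() returns one result per assertion: the genuine login verifies, the look-alike's response is rejected on origin, and the swapped signature is rejected by the stored public key.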

Why WebAuthn?

WebAuthn is one of the most robust and secure approaches to authentication available. The driving force behind its adoption has been Yubico, and the several flavors of its YubiKey are a de facto standard for phishing-resistant authentication. In addition, WebAuthn is easily configured, and a YubiKey associated with a user brings a seamless approach to user authentication without the need for a password.

Some of the main benefits of WebAuthn include:

  • No need to handle secure storage of passwords.

Where to learn more?

On March 9, join Curity and Yubico in the joint webinar — Phishing Resistant Passwordless Authentication with Curity and Yubico.

In this webinar, we will:

  • Discuss why WebAuthn is the leading choice for achieving phishing resistant user authentication and why it is so broadly adopted;

You can register for the webinar here.

Curity is the leading supplier of API-driven identity management, providing unified security for digital services. Visit curity.io or contact info@curity.io
