background preloader


Facebook Twitter

Web Authentication: An API for accessing Public Key Credentials Level 1. Yubico Launches New Hardware Key for FIDO2, WebAuthn Standards - Mobile ID World. WebAuthn. WebAuthn (Web Authentication) is an effort by the World Wide Web Consortium (W3C),[1][2] with input from the FIDO Alliance,[3] to standardize an interface for public-key authentication of users to web-based applications and services.


It implements an extension of the W3C's more general Credential Management API, which is an attempt to formalize the interaction between websites and web browsers when exchanging user credentials. WebAuthn can be used in a single-factor capacity, whereby the user does not have to provide any additional information, such as username and passwords. However, for additional security, the party asking for authentication can still require those characteristics, effectively making this a multi-factor authentication scheme. Optionally, this can also be combined with other authentication factors, such as gestures or biometric verification, which improves overall security, while it is still unnecessary for users to type in long, complex strings of characters. Universal 2nd Factor. A U2F Security Key by Yubico FIDO certified U2F identity credential with USB interface Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards.[1][2][3][4][5] While initially developed by Google and Yubico, with contribution from NXP Semiconductors, the standard is now hosted by the FIDO Alliance.[6][7] Design[edit] The USB devices communicate with the host computer using the human interface device (HID) protocol, essentially mimicking a keyboard.[8] This avoids the need for the user to install special hardware driver software in the host computer, and permits application software (such as a browser) to directly access the security features of the device without user effort other than possessing and inserting the device.

Universal 2nd Factor

Using Hardware Token-based 2FA with the WebAuthn API - Mozilla Hacks - the Web developer blog. To provide higher security for logins, websites are deploying two-factor authentication (2FA), often using a smartphone application or text messages.

Using Hardware Token-based 2FA with the WebAuthn API - Mozilla Hacks - the Web developer blog

Those mechanisms make phishing harder but fail to prevent it entirely — users can still be tricked into passing along codes, and SMS messages can be intercepted in various ways. Firefox 60 will ship with the WebAuthn API enabled by default, providing two-factor authentication built on public-key cryptography immune to phishing as we know it today. Read on for an introduction and learn how to secure millions of users already in possession of FIDO U2F USB tokens. Creating a new credential. FIDO Alliance and W3C Achieve Major Standards Milestone in Global Effort Towards Simpler, Stronger Authentication on the Web. For immediate release With support from Google Chrome, Microsoft Edge and Mozilla Firefox, FIDO2 Project opens new era of ubiquitous, phishing-resistant, strong authentication to protect web users worldwide and Mountain View, Calif. — 10 April 2018 — The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a major standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world.

FIDO Alliance and W3C Achieve Major Standards Milestone in Global Effort Towards Simpler, Stronger Authentication on the Web

The W3C has advanced Web Authentication (WebAuthn), a collaborative effort based on Web API specifications submitted by FIDO to the W3C, to the Candidate Recommendation (CR) stage. The CR is the product of the Web Authentication Working Group, which is comprised of representatives from over 30 member organizations. CR is a precursor to final approval of a web standard, and the W3C has invited online services and web app developers to implement WebAuthn. Web Authentication API - Web APIs. Comment Utiliser Google Drive sur Linux. Lorsque Google a lancé Google Drive, le 24 avril 2012, ils ont promis le support de Linux “à venir.”

Comment Utiliser Google Drive sur Linux

How to sync your documents with Google Drive on Ubuntu. Google Drive is a popular online service that allows for the easy sharing and collaborative editing of documents (word files or spreadsheets). Under the most usual day to day circumstances, the GDrive tool is very useful serving as a cloud space and/or a readily available online collaboration platform. On this guide, we will see how you can install an open source client tool for the service named Grive, and how to set it up according to your needs.

Grive Installation The Grive client can be downloaded as a source or as a deb package from the official website. Ubuntu users can use the corresponding webupd8 repository by adding it on their system at their own risk. Sudo apt-add-repository ppa:nilarimogard/webupd8sudo apt-get updatesudo apt-get install grive This will install the software in your system and if done right, you should be able to run it from the terminal. Developments to WebAuthn and the FIDO2 Framework. Industry News October 2nd, 2018 Nick Steele Since my last blog post on WebAuthn eight months ago, there has been a massive amount of progress made by both vendors and the authors of the specification to bring this spec into usage in browsers and websites.

As of September 2018, there is support for Web Authentication (WebAuthn) in the stable builds of Chrome, Firefox and Edge. While the implementations may vary slightly between the three browser builds, we are well on our way toward the passwordless future set out by WebAuthn and the FIDO Alliance. Additionally, the FIDO Alliance has begun to hold plenary meetings to discuss things like how account recovery should work and best practices for implementation, and interoperability events aimed at getting vendors on the same page with their development versions of the WebAuthn specification. FIDO Alliance FIDO2 Project - FIDO Alliance. “As an active contributor and board member of FIDO, Daon is eager for the launch of FIDO2 to offer new authentication options to our global customers and their users, through our IdentityX platform.

These new standards are another key component in enabling Daon to fulfill its mission of eliminating passwords through biometrics and empowering people across any channel to transact in a trusted manner.” --- Conor White, President (Americas), Daon. Yubico Developers. Key generation. Dev guide - Web authentication - Microsoft Edge Development. Chrome 70 prend en charge le Touch ID des MacBook Pro.

Chrome : le Touch ID des MacBook Pro pour s'authentifier sur le web. Les géants high-tech veulent tuer le mot de passe grâce à la biométrie. Ce nouveau standard va-t-il enfin nous permettre de nous débarrasser des mots de passe ? Accueil GilbertKALLENBORN Journaliste Inscrivez-vous gratuitement à laNewsletter Actualités Issue du consortium FIDO Alliance, la technologie d’authentification WebAuthn a été promue par le W3C, ce qui lui permet de devenir un standard universel du web.

Ce nouveau standard va-t-il enfin nous permettre de nous débarrasser des mots de passe ?

Bientôt, les mots de passe ne seront peut-être plus qu’un mauvais souvenir. Naviguer sur le web sans avoir à rentrer un seul mot de passe, telle est la promesse de « WebAuthn », une technologie d’authentification qui vient de recevoir le statut de « Candidate Recommandation » de la part du W3C. En réalité, WebAuthn n’est pas totalement nouveau.

Connexion sécurisée : l'API WebAuthn presque finalisée, une première Yubikey FIDO2. L'utilisation des clés de sécurité et autres dispositifs biométriques pour se connecter simplement à des sites est une réalité qui se rapproche à grands pas.

Connexion sécurisée : l'API WebAuthn presque finalisée, une première Yubikey FIDO2

Le W3C et la FIDO Alliance arrivent au bout du travail sur l'API WebAuthn qui doit fortement simplifier la pratique dans ce domaine. FIDO2. FIDO2 marks an evolution of the U2F open authentication standard and enables strong passwordless authentication built on public key cryptography using hardware devices like security keys, mobile phones, and other built-in devices.


FIDO2 is an open authentication standard that consists of the W3C Web Authentication specification, WebAuthn API (Application Programming Interface), and the Client to Authentication Protocol (CTAP). CTAP is an application layer protocol used for communication between a client (browser) or a platform (operating system) and an external authenticator (Security Key by Yubico). Yubico and Microsoft are core contributors to the CTAP protocol and the specification is hosted by the FIDO Alliance. FIDO2. Security Keys. Introduction Predictions of, and calls for, the end of passwords have been ringing through the press for many years now.

Security Keys

The first instance of this that Google can find is from Bill Gates in 2004, although I suspect it wasn’t the first. None the less, the experience of most people is that passwords remain a central, albeit frustrating, feature of their online lives. Security Keys are another attempt address this problem—initially in the form of a second authentication factor but, in the future, potentially as a complete replacement. Security Keys have gotten more traction than many other attempts to solve this problem and this post exists to explain and, to some extent, advocate for them to a technical audience. Very briefly, Security Keys are separate pieces of hardware capable of generating public/private key pairs and signing with them. Enabling Strong Authentication with WebAuthn   The problem Phishing is the #1 security problem on the web: 81% of hacking-related account breaches last year leveraged weak or stolen passwords.

Enabling Strong Authentication with WebAuthn  

The industry's collective response to this problem has been multi-factor authentication, but implementations are fragmented and most still don't adequately address phishing. We have been working with the FIDO Alliance since 2013 and, more recently, with the W3C to implement a standardized phishing-resistant protocol that can be used by any Web application. WebAuthn demo. WebAuthn: Multi-factor Auth For Everyone. Guide to Web Authentication.