WebAuthn (Web Authentication API) is a global standard specification for secure authentication on the Web, formulated in 2018 by the World Wide Web Consortium (W3C).
This browser-based API allows user authentication on web applications through the creation of strong “credentials” and user-agent-mediated access to authenticators. This could be either in the form of hardware tokens (like U2F security keys) or in-built modules (biometric readers like Google Hello, Apple Touch ID) in the platform. Web Authn has garnered the support of all leading browsers like Chrome, Firefox, and Edge, and is compatible with all leading platforms.
How does WebAuthn Work?
With WebAuthn, a relying party (such as web service) can integrate a strong layer of authentication into applications with a choice of authenticators. It replaces the need for a password with the generation of a private-public key pair (credential) created for a website. While the private key is stored on the user’s device, the public key is generated randomly and shared with the server. The server then uses the public key to confirm the user’s identity.
The following steps are involved in WebAuthn:
Why use WebAuthn?
The public key and private key, both need to be used in conjunction. Therefore, by eliminating the need for a “secret” such as a password, WebAuthn drastically improves data security and prevents data breaches. Even if the public key is hacked, it will not function without the private key – which is stored in the user’s device – and becomes useless.
These are some of the scenarios in which WebAuthn can be useful:
Find out how you can improve data security and prevent data breaches with Akku. Get in touch with us for a free demo today!
Join our mailing list to know how you can control your cloud better.
Data security is a critical business priority today - this is especially true for businesses…
Author: Dinesh Reading Time: 3 mins In the past few months, it seems that any…
Author: Baskar Reading time: 3 mins Why do you need an IAM? These tools help…
How do you strengthen your identity verification processes? Most organizations go the route of…
Your management team says that the time has come to invest in your organization’s cybersecurity.…