What is WebAuthN? Possibly the answer to all web authentication

With strong support from Google, Microsoft and other vendors, WebAuthN is poised to become a true standard for passwordless authentication over the web.

For decades we’ve been trying to replace the easily hackable, ubiquitous, single-factor logon name/password authentication deployments with something better. At least for web-based scenarios, the answer is finally here in the form of the new Web Authentication (WebAuthN) standard and API. WebAuthN enables website owners and service providers to present a unique cryptographic challenge that is bound to its origin. Local authentication data of any kind is stored on the user’s device and never leaves it.
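What "a unique challenge bound to its origin" means for the server side, as an added example that is not from the original article: the relying party checks the clientDataJSON the browser returns for the challenge it issued and for its own origin. The origin, session ids and challenge strings are constructed, and signature verification over the authenticator data is a separate step not shown here.

```javascript
// Added example: relying-party checks on WebAuthn clientDataJSON.
// The store, session ids, origin and challenge values are constructed.
const EXPECTED_ORIGIN = "https://login.example.com"; // assumed relying-party origin
const pending = new Map(); // sessionId -> { challenge, expires }

// Remember the challenge issued for this session (base64url string).
// In production the value comes from a CSPRNG; it is passed in here so the
// example stays deterministic.
function issueChallenge(sessionId, challengeB64url, now, ttlMs = 60000) {
  pending.set(sessionId, { challenge: challengeB64url, expires: now + ttlMs });
}

// Validate the client data the browser returned for a login (webauthn.get).
function verifyClientData(sessionId, clientDataJSON, now) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId); // single use: a second attempt needs a new challenge
  if (!entry) return { ok: false, reason: "no-pending-challenge" };
  if (now > entry.expires) return { ok: false, reason: "challenge-expired" };

  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed-client-data" };
  }
  if (data.type !== "webauthn.get") return { ok: false, reason: "wrong-type" };
  if (data.challenge !== entry.challenge) return { ok: false, reason: "challenge-mismatch" };
  // Exact string match on the origin: no prefix or suffix matching.
  if (data.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin-mismatch" };
  return { ok: true, reason: "ok" };
}

// Constructed sample of what a browser would send back from a given origin.
function sampleClientData(challenge, origin) {
  const fields = { type: "webauthn.get", challenge, origin, crossOrigin: false };
  return Buffer.from(JSON.stringify(fields));
}
```

Because the browser, not the page, writes the origin into the client data, a response collected on a look-alike site fails the origin check even when the challenge is correct.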

It is likely that within just a few years, most serious websites and services will be WebAuthN-based, particularly those using multi-factor authentication (MFA) and passwordless solutions. Even websites using single-factor, passwordless solutions will benefit by using WebAuthN.

The question is whether WebAuthN is the right standard and whether it can be hacked. The answer is yes to both.

Introducing WebAuthN
