GitHub joins WebAuthn club
GitHub is the latest company to support WebAuthn, a new standard that makes logging into online services using a browser more secure. Continue reading GitHub joins WebAuthn club
Collaborate Disseminate
GitHub is the latest company to support WebAuthn, a new standard that makes logging into online services using a browser more secure. Continue reading GitHub joins WebAuthn club
via Lucas Garron, writing at GitHub’s blog, of outstanding security news at the eponymous version control site: GitHub now fully supports WebAuthn (Web Authentication) for security keys.
“The future of authentication: secure and easy-to-use
Account … Continue reading WebAuthn + GitHub
I am reading on digital signatures:
A valid digital signature gives a recipient reason to believe that the
message was created by a known sender (authentication), that the
sender cannot deny having sent the message (n… Continue reading 2fa attestation object for non-repudiation
WebAuthn is a relatively new API for authentication, and it uses public key cryptography instead of something like passwords.
I am wondering if it is possible to use the cryptographic part for a different purpose, specifically creating di… Continue reading Is it possible to use WebAuthn for digitally signing documents in the browser?
The FIDO foundation provides with metadata web service for UAF (MDS 1.0, https://mds.fidoalliance.org/) and a new web services for FIDO2 / WebAuthn metadata (MDS 2.0, see https://fidoalliance.org/metadata/).
Metadata of some… Continue reading FIDO2: will FIDO foundation MDS 1.0 metadata statements be migrated to MDS 2.0?
Microsoft has put another nail in the password’s coffin by winning a certification that will make it easier to log into Windows machines. Continue reading Windows 10 brings password-free access another step closer
A new security feature allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts. Continue reading Android phones transformed into anti-phishing security tokens
WebAuthN seems to provide essentially two different ways of not performing verifiable attestation: Either by the Relying Party requesting none or by the authenticator choosing self attestation.
Is this purely a protocol desi… Continue reading What is the motivation behind supporting both `none` and `self` attestation in WebAuthN?
Weak or default passwords are behind 81% of data breaches, and most people employ such a password, despite knowing better. Worse still, Internet users recycle the same password across websites and services, making attackers’ job even easier. But … Continue reading Say goodbye to passwords: WebAuthn specification now an official standard
Great news.
If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.
Are you thinking… … Continue reading Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins