Collaborate Disseminate
The FIDO foundation provides with metadata web service for UAF (MDS 1.0, https://mds.fidoalliance.org/) and a new web services for FIDO2 / WebAuthn metadata (MDS 2.0, see https://fidoalliance.org/metadata/).
Metadata of some… Continue reading FIDO2: will FIDO foundation MDS 1.0 metadata statements be migrated to MDS 2.0?
Microsoft has put another nail in the password’s coffin by winning a certification that will make it easier to log into Windows machines. Continue reading Windows 10 brings password-free access another step closer
A new security feature allows users of Android 7 and later to use their smartphones to authenticate themselves to their Google accounts. Continue reading Android phones transformed into anti-phishing security tokens
WebAuthN seems to provide essentially two different ways of not performing verifiable attestation: Either by the Relying Party requesting none or by the authenticator choosing self attestation.
Is this purely a protocol desi… Continue reading What is the motivation behind supporting both `none` and `self` attestation in WebAuthN?
Weak or default passwords are behind 81% of data breaches, and most people employ such a password, despite knowing better. Worse still, Internet users recycle the same password across websites and services, making attackers’ job even easier. But … Continue reading Say goodbye to passwords: WebAuthn specification now an official standard
Great news.
If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.
Are you thinking… … Continue reading Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins
Google and Mozilla are tidying up security features and patching vulnerabilities in Chrome and Firefox for Mac, Windows, and Linux. Continue reading Update now! Chrome and Firefox patch security flaws
Naked Security attempts to demystify passwordless web authentication. Continue reading The passwordless web explained
Troy Hunt sounds off on how both consumers and services have a joint role in creating and enforcing strong passwords. Continue reading Podcast: Troy Hunt Talks Bad Passwords – and Who’s to Blame for Them
“Password-killing” authentication efforts may be on a road to nowhere. Continue reading Passwords: Here to Stay, Despite Smart Alternatives?