
FIDO: What is it and why should you care?

FIDO is a standard certified by the nonprofit FIDO Alliance that supports public key cryptography and multifactor authentication, specifically the Universal Authentication Framework (UAF) and Universal Second Factor (U2F) protocols. When you register a FIDO device with an online service, it creates a key pair: an on-device, offline private key, and an online public key. During authentication, the device “proves possession” of the private key by prompting you to enter a PIN code or password or supply a fingerprint or speak into a microphone.

Lest you worry about FIDO’s staying power, it’s got a considerable amount of momentum behind it. Since 2014, Google’s been working with Yubico, NXP, and other collaborators to develop the Alliance’s standards and protocols, including the World Wide Web Consortium’s new Web Authentication API. Among the heavy hitters involved are Dropbox, Facebook, GitHub, Salesforce, Stripe, and Twitter. (WebAuthn shipped in Chrome 67 and Firefox 60 earlier this year.)

The FIDO Alliance’s stated mission is to make it easier for folks to log into apps, websites, and services securely, and to reduce the amount of work required for developers. Google credits FIDO keys with preventing phishing attempts on its more than 100,000 employees.

You might be wondering why other forms of multifactor authentication - i.e., SMS-based systems that require you to enter a string of numbers before you’re permitted to log in - don’t measure up in the FIDO Alliance’s eyes. “The challenge with current systems is that … they’re too confusing,” Google product manager Christiaan Brand said during a press briefing. “ even if they wildly improve security above baseline, they can be phished.”
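The registration and authentication steps described in this article, as an added example that is not from the article or the FIDO Alliance: a simplified Node.js model in which the device signs the service's challenge together with the origin the browser reports, which is the mechanism U2F and WebAuthn rely on to resist phishing. The class names, origins and JSON message format are assumptions for illustration and do not follow the real wire format; the PIN or fingerprint prompt is omitted.

```javascript
// Simplified model of FIDO registration and authentication; this is not the
// real U2F/WebAuthn wire format. Origins and class names are constructed.
const crypto = require('crypto');
// Authenticator: one private key per origin, kept on the device.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public key is sent to the service
  }
  // The origin comes from the browser, not from anything the user types.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential registered for this origin
    const data = Buffer.from(JSON.stringify({ origin, challenge }));
    return { data, sig: crypto.sign('sha256', data, key) };
  }
}
// Relying party: stores the public key and issues one-time challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.pending = new Set(); }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('base64');
    this.pending.add(c);
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const { origin, challenge } = JSON.parse(assertion.data.toString());
    if (origin !== this.origin) return false; // signed for a different site
    if (!this.pending.delete(challenge)) return false; // unknown or reused
    return crypto.verify('sha256', assertion.data, this.publicKey, assertion.sig);
  }
}
function demo() {
  const rp = new RelyingParty('https://accounts.example');
  const device = new Authenticator();
  rp.enroll(device.register(rp.origin));
  const assertion = device.sign(rp.origin, rp.newChallenge());
  const legit = rp.verify(assertion);
  const replay = rp.verify(assertion); // challenge already consumed
  // A look-alike page forwards a real challenge; the browser reports its own origin.
  const lookalike = rp.verify(device.sign('https://accounts.example.test', rp.newChallenge()));
  return { legit, replay, lookalike };
}
console.log(demo());
```

An SMS code has no equivalent of the origin field: whatever page the user types it into can forward it, which is the gap the signed origin closes.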
