The new web authentication standard, known as WebAuthn, was recently approved by the World Wide Web Consortium (W3C) in March, and is rapidly gaining momentum. Since 2007, Yubico has been driving the development of open standards, and collaborating with partners to bring more secure authentication methods to users. Through these combined efforts, we co-created WebAuthn.
What makes WebAuthn so noteworthy is that it is supported by all major platforms and browsers, providing users with greater choice of simple authentication methods that protect against phishing attacks. With WebAuthn, users can choose to use any combination of external authenticators, such as a security key, and internal authenticators, such as a biometric keypad on a computer, to secure access to web services and applications. That’s huge.
Microsoft, Google, and Mozilla already support WebAuthn in their web platforms and browsers. Support is currently on the developer preview version of Apple Safari. Upcoming support on Brave browser has been announced by Brave Software. Along with the platform and browser support, a growing number of web services have also rolled out WebAuthn support to their users, including Login.gov, Singular Key, Daon, Isosec, Twitter, and Ping Identity, with more services committed to launching support in the near future.
WebAuthn is quickly gaining momentum, so we asked some of our Works with YubiKey partners to share why they decided to implement support. Here’s what they said:
Jasper Patterson, Web Developer, 1Password
“Our goal at 1Password is to make it easy for people to stay safe online, and adopting modern standards like WebAuthn helps us achieve that. Integrating WebAuthn into our existing two-factor implementation took about a week. The API is well designed and easy to work with for developers.”
WebAuthn offers significant security gains over traditional time-based one-time password (TOTP) or SMS-based two-factor authentication (2FA), all thanks to its secure design based on public key cryptography.
Yves Audebert, CEO, Axiad IDS
“Extending Axiad ID Cloud to support WebAuthn/FIDO2 is a step forward in providing a passwordless and frictionless authentication experience to our customers. Axiad ID Cloud leverages all the features offered by YubiKeys to further our commitment to meeting our customers’ authentication needs.”
Axiad ID Cloud is a standards-based higher-trust identity assurance platform that provides multi-factor authentication (MFA) and dedicated PKI services to secure digital interactions. Axiad IDS expects to roll out support in the back half of this year.
Ben Goodman, SVP, Global Business and Corporate Development, ForgeRock
“ForgeRock is excited to offer WebAuthn as a native authentication option for our identity platform. Hardware authentication enabled by WebAuthn provides a more secure user authentication option, while simultaneously making for an easier, more frictionless experience. This is a “Win-Win” for end-users and application owners.”
ForgeRock’s Intelligent Authentication technology has the capability to orchestrate a multitude of authentication options. WebAuthn support enables ForgeRock to seamlessly extend that functionality to a whole new breed of devices and authenticators.
Jeff Broberg, Sr. Director, Product Management, OneLogin
“WebAuthn simplifies the rollout and adoption of MFA by enabling users to leverage authenticators across mobile and desktop platforms in a more integrated fashion. Combining external authenticators, like the YubiKey, with desktop and mobile biometric sensors benefits both enterprise admins and end users.”
Adopting strong and simple authentication is critical to secure corporate resources from advanced cyber identity threats. With WebAuthn support, OneLogin expands their portfolio of strong authenticator options and makes it simpler for users to choose an authenticator that works best with their primary device.
Arshad Noor, CTO, StrongKey
“We recognize that behavior change is no easy task. Our implementation of FIDO2 and the certification of our FIDO2 server enable us to provide the ease and convenience of WebAuthn to our customers and their users through a safer and more user-friendly alternative to passwords.”
StrongKey has been committed to providing the strongest possible level of encryption and authentication technology to keep data safe for almost two decades. With WebAuthn support, StrongKey delivers phishing-resistant authentication to their users.
Jai Dargan, VP Product Management, Thycotic
“We’re excited to be a part of the Works with YubiKey program, and work together to educate customers about the benefits of strong, hardware-backed MFA.”
Thycotic and Yubico share the same vision that security should be easy to use, even for large organizations with dispersed teams and hundreds of thousands of assets to protect.
Yubico offers free resources and tools for rapidly implementing WebAuthn into an app or service. Visit the Yubico For Developers page to get started. To experience WebAuthn first-hand, visit our WebAuthn demo site.
Learn more about WebAuthn by downloading the WebAuthn Solution Brief, or chatting with us at the Yubico booth (#417) at Identiverse on June 25-27, 2019.