White paper: Bridge to Passwordless best practices
“And the winner is… WebAuthn!”
A few weeks ago at the European Identity Conference (EIC) in Munich, WebAuthn won the award for Best Future Technology and Standard Project. As a co-chair of the W3C WebAuthn working group and lead authors of FIDO U2F/FIDO2, Yubico was invited to receive the award on behalf of all who collaborated on the standard.
There is no doubt that the winning authentication standard is gaining momentum. Last week, Apple enabled default WebAuthn support on macOS in its Safari Technology Preview, while Twitter and Coinbase announced their upgrade from FIDO U2F to WebAuthn. At Yubico, our team is busier than ever supporting hundreds of services across the globe in their process of making support for the YubiKey, Security Keys and WebAuthn.
Initially deployed by all the leading internet companies, we are excited to see WebAuthn adoption expanding across a wider range of industries,regions, and use cases including the protection of electronic identities for European citizens, blockchain technology services and financial institutions. One of the leading banks was encouraged to make support for WebAuthn after one of their customers approached them with the question, “How come authenticating to my Google and Facebook account is more secure than the service that holds my money?”
The FIDO U2F, FIDO2 and WebAuthn names can be confusing, but they are all part of the same standards initiative. The varying naming conventions are a result of the further development and expansion from the industry consortium FIDO Alliance (FIDO U2F and FIDO2) to the W3C web standards organization (WebAuthn). In March 2019, W3C approved the WebAuthn standard, which is built-on, and backward compatible with U2F.
We encourage all services to implement or migrate to WebAuthn so their end users have more choices from an ever-expanding list of browsers and authentication options including one-factor, two-factor and passwordless login. With free open source servers and development resources available from Yubico and others, service providers are rapidly making support for WebAuthn to stop phishing and radically cut support costs. Users enjoy safer and easier login with the growing options of built-in and external FIDO/WebAuthn authenticators, also known as security keys. This award winning web authentication standard let’s everyone win — except the fraudsters!
To learn more about the WebAuthn open standard and how it can benefit your organization, read our ‘Going Passwordless’ whitepaper. We also offer full development resources on our developer site to enable rapid WebAuthn implementations.