What is WebAuthn? – Security Boulevard |

As organizations leverage multi-factor authentication (MFA/2FA) to secure their employees, many consider using hardware security keys. Found to be the one of the most secure types of MFA, hardware keys, aka universal second factor (U2F) keys, rely on WebAuthn in order to be applied to web-based services. But what is WebAuthn anyways?

The Web Authentication API, colloquially known as WebAuthn, was created by the World Wide Web Consortium (W3C) and the FIDO (Fast IDentity Online) Alliance in collaboration with Microsoft, Google, Yubikey, Mozilla, et al. The protocol leverages public key cryptography to specifically authenticate access to web-based resources like applications and some Platform-as-a-Service and Infrastructure-as-a-Service (PaaS & IaaS) solutions.

When used for authentication, public key cryptography requires that a user present a pair of keys to gain access to a service: a public key and a private key. The public key is shared usually within the services the user accesses and is stored in relation to its respective user. When the user offers the private key upon login, the service combines it with the public key and checks the result against a stored value to authenticate the user.

Some forms of public key cryptography, like SSH keys, use complex digital keys that need to be managed. In contrast, WebAuthn can leverage physical hardware such as a USB drive that securely stores the private key until the user needs it. Regardless of how its implemented, public key cryptography is generally regarded as a more secure alternative to the username and password combination required at most logins.

Despite the fact that public key cryptography is more secure, the password prevails as the core authentication method for most services. With WebAuthn, IT admins can safeguard their users by adding an additional factor to their authentication process, often U2F keys.

Using WebAuthn to apply U2F keys to web resource access provides three core benefits to an organization. Lets go over each below.

While evaluating several forms of 2FA and (Read more...)

View post:
What is WebAuthn? - Security Boulevard

To Foil NSA Spies, Encrypt Everything [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
What is cryptography? - A Word Definition From the ... [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
cryptography: Definition from Answers.com [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
Cryptography - Wikipedia, the free encyclopedia [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
Cryptography - CISSP Domain 07 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
Cryptography Advanced Encryption Standard AES Tutorial,fips 197 - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
Faraday Project for Network Security and Cryptography - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
An Overview of Cryptography - Gary C. Kessler [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
An Open Letter from US Researchers in Cryptography and ... [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Gambling with Secrets Part 4 8 Private Key Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Gambling with Secrets Part 1 8 What is Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Public Key Cryptography RSA Encryption Algorithm - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Public Key Cryptography Diffie Hellman Key Exchange - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Intro to Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
Caesar Cipher Ancient Cryptography - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
50 top US cyber security experts write open letter calling for end to NSA 'snoop-ops' [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
Prominent cryptography and security researchers deplore NSA's surveillance activities [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
Obama Stays Silent on Reform of NSA's Crypto Subversion [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
Cryptography experts sign open letter against NSA surveillance [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
US crypto researchers to NSA: If you must track, track responsibly [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
Java Cryptography Architecture (JCA) Overview - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
Cryptography - Part 1 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
Cryptography - Part 2 - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
International Journal on Cryptography and Information Security ( IJCIS) - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust, Deal With It - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
Bitcoin Lowdown: Block Chain Cryptography Trumps Human Trust - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
NSA and GCHQ spoofed LinkedIn to hack Belgian cryptography professor [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
Lecture 17: Elliptic Curve Cryptography (ECC) - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
Cryptography event - Pravega 2014 - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
Lecture 1: Introduction to Cryptography - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
US and UK spy agencies accused of swoop on Belgian cryptography expert [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
Conceal: Facebook's new Java APIs for cryptography on Android [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
Cryptography Apps: How To Keep Your Personal Info Private [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
Cryptography Breakthrough Could Make Software Unhackable [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
Oi, Android devs! Facebook wants your apps to be more secure [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
Lecture 19: Elgamal Digital Signature - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
Lecture 18: Digital Signatures and Security Services - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
Cryptography 1. List some of the attacks on the Diffie ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
Cryptography Breakthrough Could Make Software Unhackable ... [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
Cryptography: Secret Coding, Spying, and E-Commerce - Video [Last Updated On: February 6th, 2014] [Originally Added On: February 6th, 2014]
Cryptography - Video [Last Updated On: February 9th, 2014] [Originally Added On: February 9th, 2014]
Public Key Cryptography: RSA Encryption Algorithm - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
Is Bitcoin Anonymous? Arvind Narayanan | Princeton University | Real World Cryptography Workshop - Video [Last Updated On: February 10th, 2014] [Originally Added On: February 10th, 2014]
A Competitive Study of Cryptography Techniques over Block Cipher - Video [Last Updated On: February 14th, 2014] [Originally Added On: February 14th, 2014]
How Quantum Computing Will Change Cryptography [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
REALITY LOST - EXCERPT SIX (QUANTUM CRYPTOGRAPHY) - Video [Last Updated On: February 15th, 2014] [Originally Added On: February 15th, 2014]
Introduction to Cryptography of Bitcoin, Explained! - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
[FOSDEM 2014] USE OTR or how we learned to start worrying and love cryptography - Video [Last Updated On: February 18th, 2014] [Originally Added On: February 18th, 2014]
Reshif's Cryptography Challenge Solution/Walkthrough - Video [Last Updated On: February 20th, 2014] [Originally Added On: February 20th, 2014]
[DEFCON 19] Steganography and Cryptography 101 - Video [Last Updated On: February 22nd, 2014] [Originally Added On: February 22nd, 2014]
A Brief Rundown Of The Spying Questions Intel's CEO Won't Answer [Last Updated On: February 25th, 2014] [Originally Added On: February 25th, 2014]
DEF CON 8 - Jon Erickson - Number Theory Complexity, Theory, Cryptography, and Quantum Computing. - Video [Last Updated On: February 26th, 2014] [Originally Added On: February 26th, 2014]
Was YOUR iPhone at risk of being hacked? Bug in Apple update left mobiles open to identity theft for up to 18 months ... [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
Security researchers urge tech companies to explain their cryptographic choices [Last Updated On: February 27th, 2014] [Originally Added On: February 27th, 2014]
Apple reveals algorithm behind 'encrypted' iMessages [Last Updated On: February 28th, 2014] [Originally Added On: February 28th, 2014]
Wiliest Ways to Keep the NSA at Bay [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
How to Pronounce Cryptography - Video [Last Updated On: March 1st, 2014] [Originally Added On: March 1st, 2014]
cryptography in DNS - Video [Last Updated On: March 3rd, 2014] [Originally Added On: March 3rd, 2014]
Who is the reclusive billionaire creator of Bitcoin? [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
How to say cryptography in Italian - Video [Last Updated On: March 4th, 2014] [Originally Added On: March 4th, 2014]
Massive Linux security flaw dwarfs Apple’s cryptography problems of just last week [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
Security lessons from RSA [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
Visual Cryptography - Video [Last Updated On: March 5th, 2014] [Originally Added On: March 5th, 2014]
Classical Computing Embraces Quantum Ideas [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
Quantum Cryptography Conquers Noise Problem [Last Updated On: March 6th, 2014] [Originally Added On: March 6th, 2014]
REALITY LOST Bonus scene 4. Quantum cryptography Founding Fathers. - Video [Last Updated On: March 7th, 2014] [Originally Added On: March 7th, 2014]
Quantum Cryptography: From Theory to Practice - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
Forcing Trust: Nonlocal Games and Untrusted-device Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
TrustyCon 2014 - New Frontiers in Cryptography - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
REALITY LOST Bonus scene 3. Christian Kurtsiefer on hacking quantum cryptography. - Video [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
Nerlens Noel Tweets Date for Potential NBA Debut [Last Updated On: March 9th, 2014] [Originally Added On: March 9th, 2014]
CISSP SG Cryptography - Video [Last Updated On: March 10th, 2014] [Originally Added On: March 10th, 2014]
More secure communications thanks to quantum physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
New Cryptography Scheme Secured By Quantum Physics [Last Updated On: March 13th, 2014] [Originally Added On: March 13th, 2014]
History Of Cryptography - Video [Last Updated On: March 14th, 2014] [Originally Added On: March 14th, 2014]
avc 19 Cryptography x264 - Video [Last Updated On: March 15th, 2014] [Originally Added On: March 15th, 2014]
Edward Snowden Speaks at SXSW [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
Tor is building an anonymous instant messenger [Last Updated On: April 10th, 2017] [Originally Added On: March 15th, 2014]
learn cryptography learn the following pkcs refrences - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]
[Lec-2][Part-2] Shift Cipher - Symmetric ciphers - Video [Last Updated On: March 16th, 2014] [Originally Added On: March 16th, 2014]