Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


BSidesKC 2021 - Alex Lauerman’s ‘Passwords are dead? Long live WebAuthn!’ →

December 04, 2021 by Marc Handelman in BSides, BSidesKC, Education, Security, Cybersecurity Education, Infosec Education, Information Security, Defensive Security, Offensive Security, Cryptology Education, Industrial Security, WebAuthn

Our thanks to BSidesKC for publishing their outstanding BSidesKC 2021 videos on the Conference’s YouTube channel.


WebAuthn + GitHub

August 26, 2019 by Marc Handelman in WebAuthn, Web Security, Developers Developers, Development Security

Via Lucas Garron, writing at GitHub's blog, comes outstanding security news from the eponymous version control site: GitHub now fully supports WebAuthn (Web Authentication) for security keys.

"The future of authentication: secure and easy-to-use Account security is critical for GitHub. Although we support strong authentication options, many people still don’t use a password manager or two-factor authentication because individual passwords have always been the easiest choice." - via Lucas Garron, writing at GitHub's blog.


WebAuthn, Passwordless Authentication →

June 22, 2018 by Marc Handelman in WebAuthn, Web Security, Information Security, World Wide Web Consortium

Via Peter Bright, writing at Ars Technica, comes an interesting piece discussing the efforts to implement and deploy WebAuthn, the so-called passwordless authentication scheme promulgated by the W3C, and fully implemented in Mozilla Firefox 60 and Google Chrome 67. Enjoy!

'This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. Conceptually, one or more public key credentials, each scoped to a given Relying Party, are created and stored on an authenticator by the user agent in conjunction with the web application. The user agent mediates access to public key credentials in order to preserve user privacy. Authenticators are responsible for ensuring that no operation is performed without user consent. Authenticators provide cryptographic proof of their properties to relying parties via attestation. This specification also describes the functional model for WebAuthn conformant authenticators, including their signature and attestation functionality.' via the Web Authentication Working Group
