BT

Firefox introduz Web Authentication API

| por Kevin Ball Seguir 3 Seguidores , traduzido por Diogo Carleto Seguir 31 Seguidores em 07 jun 2018. Tempo estimado de leitura: 2 minutos |

With the Firefox 60 release on May 9, Firefox became the first major browser to support the Web Authentication API. This API enables users to avoid text-based passwords for websites and instead uses a local device with a biometric check or private PIN to generate a secure cryptographic identifier. Support for the API is in development for Chrome and Edge, and under consideration for Safari.

The specification is coming out of the FIDO Alliance in collaboration with W3C. According to the FIDO Alliance website:

The specifications and certifications from the FIDO Alliance enable an interoperable ecosystem of hardware-, mobile- and biometrics-based authenticators that can be used with many apps and websites. This ecosystem enables enterprises and service providers to deploy strong authentication solutions that reduce reliance on passwords and protect against phishing, man-in-the-middle and replay attacks using stolen passwords.

The Web Authentication API would allow users to sidestep the insecurity and frustration of having to remember passwords for every website in favor of a simple biometric check on a physical device like a phone or USB device. In a blog post, Nick Steele of Duo Security explains what this would look like:

There are more than a few different cases for how WebAuthn would work in practice, but the most common example is this: A user visits a website, let’s say cat-facts.com, on their laptop and goes to register an account. After pressing a button to begin registration on the site, they receive a prompt on their phone saying "Register with cat-facts.com."

Once they’ve accepted the request, the user would be asked to perform an "authorization gesture," such as typing in a PIN or biometric action that is associated with the account they are creating. After providing this, the website on the laptop would display something to the effect of "Registration complete!"

The user can now log in to cat-facts.com using the same phone and authorization gesture.

According to the Chrome tracking bug, the Web Authentication API will be available in Google Chrome version 67 for Desktop, scheduled for release on May 27, 2018. Microsoft Edge supports an earlier version of the API, with differences noted in their developer documentation. There is a polyfill available to support the current version of the API in Edge. As far as Safari is concerned, the status is murky. The Chrome tracker lists the API as under development in Safari, while the webkit feature status lists it as ‘under consideration’.

An article in 9 to 5 Mac speculates on why Apple might be incented to implement the feature:

There’s as yet no word on Safari, but with all current and recent iPhones and iPads offering either Face ID or Touch ID, and the latter supported on the MacBook Pro too, this would be tailor-made for Apple. It cannot be used with other browsers without Apple’s support.

Developers interested in getting started with the Web Authentication API can learn about it in a short tutorial on Google’s developer website or dive into the documentation on MDN.

Avalie esse artigo

Relevância
Estilo/Redação

Olá visitante

Você precisa cadastrar-se no InfoQ Brasil ou para enviar comentários. Há muitas vantagens em se cadastrar.

Obtenha o máximo da experiência do InfoQ Brasil.

Dê sua opinião

HTML é permitido: a,b,br,blockquote,i,li,pre,u,ul,p

Receber mensagens dessa discussão
Comentários da comunidade

HTML é permitido: a,b,br,blockquote,i,li,pre,u,ul,p

Receber mensagens dessa discussão

HTML é permitido: a,b,br,blockquote,i,li,pre,u,ul,p

Receber mensagens dessa discussão

Dê sua opinião

Faça seu login para melhorar sua experiência com o InfoQ e ter acesso a funcionalidades exclusivas


Esqueci minha senha

Follow

Siga seus tópicos e editores favoritos

Acompanhe e seja notificados sobre as mais importantes novidades do mundo do desenvolvimento de software.

Like

Mais interação, mais personalização

Crie seu próprio feed de novidades escolhendo os tópicos e pessoas que você gostaria de acompanhar.

Notifications

Fique por dentro das novidades!

Configure as notificações e acompanhe as novidades relacionada a tópicos, conteúdos e pessoas de seu interesse

BT