WebAuthn 101

A practical guide covering: Web Authentication new standard to move beyond passwords for logins.

Moving Beyond Passwords

World Wide Web Consortium (W3C) announced in March, 2019 that WebAuthn will be the official standard for passwordless login with applications such as Windows 10 and Android platforms, Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) web browsers. Additional details about this announcement can be found here.

In this guide to WebAuthn we will review the evolution of identity access and management solutions for applications highlighting the strengths and weaknesses as well as the future and way forward for next generation authentication that's passwordless and frictionless. 

Our mission is to deliver unrivaled frictionless cybersecurity solutions and peace of mind.  Find out how, by reading this guide.

Table of Contents

What is WebAuthn and Why You Need It?


Binary authentication, two-factor authentication (2FA) and multi-factor authentication are no longer enough for protecting your enterprise identity and resources moving forward.  Why? They are simply easily hacked, outdated technologies and passwords can no longer remain the standard for authentication.

The WebAuthn is a new global standard for web authentication that is browser-based API and allows for web applications to make authentication simpler and more secure. 

 

Webauthn19-Present-Future-Diagram

How Web Authentication Works


The user authenticates with one of their registered devices whether that's phone, laptop or even a gaming console. Those devices serve as your key factors of authentication.

In addition, the authentication uses a public key cryptography  to protect on an individual user level against even the most sophisticated phishing attacks.

 

Webauthn19-Apps-Graphic

Helping Organizations Move Beyond Passwords


Acceptto is leading the transformative shift in cybersecurity by offering an end-to-end Continuous Behavioral Authentication platform versus outdated binary authentication technologies that are simply ineffective. Our solution allows us to leverage immutable identity characteristics that are truly unique to each individual in its context and effectively rendering passwords completely obsolete. With FIDO2 certification and WebAuthn we can start the path to a safer, more phishing-resistant protocol and better user experience for web and mobile application authentication. 

This combination of enhanced FIDO2 authentication with Acceptto's It'sMe solution ensures access to mission critical business applications and documents stays continuously secure with unbreakable authorization.  

 

Fido19-WebAuthn-Diagram (1)

Keeping you safe online with FIDO2, WebAuthn and Acceptto's Continuous Behavioral Authentication


Move beyond MFA with passwordless authentication while ensuring corporate security compliance.

Webauthn19-Badge-Graphic

Acceptto's FIDO Certified Continuous Behavioral Authentication Solution


Acceptto's Continuous FIDO2 Certified Authentication Solution 

Acceptto is certified by the FIDO (Fast IDentity Online) Alliance for the FIDO2 server protocol. FIDO2 combines the World Wide Web Consortium’s (W3C) Web Authentication specification (WebAuthn) and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP), to accelerate the industry’s shift away from passwords by allowing common devices to securely and easily authenticate in both mobile and desktop environments. The concurrent integrations reflect the global need to address traditional binary authentication problems and solve the growing issue of password insecurity.

The Acceptto solution supports both FIDO UAF 1.0 servers and FIDO 2.0 servers, easily integrates with your iOS app and the Acceptto FIDO server to add secure FIDO authentication via the devices sensors (ex: TouchID, FaceID) or pin codeContinuous behavioral authentication service allows your organization to implement extra layer of identity authentication that's compliant and even post authorization.

Remember:

  • 2FA and MFA authentication is not enough. Protect your data and identity from breach even post authorization
  • Detect anomalies and threat actors in real-time with proprietary risk engine
  • Future proof your cybersecurity authentication in your organization with passwordless authentication that's unbreakable
  • Eliminate preventable harm and detect fraud at inception
  • Provide stronger security, a simpler, easy to use and a frictionless experience for legitimate users.
  • First of it's kind solution that's FIDO2 certified with W3C WebAuthn.
Webauthn19-Fido-Certified-Graphic

Say Goodbye to Passwords


Fill out the form below, and we'll be in touch soon to discuss your organization's identity authentication needs. Take the first step to protecting your Identity for LifeTM