It sends the public key to the site, which stores it along with the account.
Your hardware device generates a unique private-public keypair for the site, and retains the private key in its tamper-resistent hardware. You visit a site or use an app that supports the standard, prove your identity, and then plug in your WebAuthn-equipped key like the YubiKey 5Ci, and tap it. Instead of relying on plain text codes that can intercepted or generated, WebAuthn uses public key cryptography and creates a unique encryption key for each site. WebAuthn has the same sort of advantage over texted and app-generated second factors as Apple’s Secure Enclave in iPhones, iPads, and the T2 Security Chip in Macs-and in similar security chips in other devices-in requiring possession of a piece of unique hardware that can’t have data extracted from it. But developers have clearly tried to minimize compatibility issues by using strict filters about which browsers it believes are capable. The numbers have increased as browsers added support for the finished form of the standard over the last year. Hundreds of websites already allow WebAuthn-based logins, which require very little modification to work alongside other second-factor methods. As a broadly adopted industry standard that leaves security control in a user’s hands, there’s little reason for Apple to stand aside. Apple has enabled WebAuthn in the Safari Technology Preview for the upcoming version 13, that will ostensibly appear in release form in Catalina.Īpple hasn’t yet said whether Safari for iOS and iPadOS will also support WebAuthn. Microsoft Edge, Google Chrome (desktop and Android), Opera, Firefox (desktop and Android), and the built-in Android browser all support WebAuthn in release versions.
This extension to Lightning paired with USB-C is an attempt to push this substantially more secure option to iPhones and iPads, by ostensibly creating demand and interest among Apple users. Yubico already makes a line of USB and NFC (contactless) keys that support earlier secure protocols, while its newer models also handle WebAuthn. That will change in the near future as WebAuthn adoption improves and as the key enters the market.
In testing, the YubiKey 5Ci performs as expected, but many websites aren’t yet ready for iPhone and iPad authentication. It does not yet work with USB-C equipped iPads. The YubiKey 5Ci has a LIghtning connector for use on iOS devices, and a USB-C key for conecting to a Mac.
0 kommentar(er)
