Community Champion

WebAuthn gets approved!!

I've been a fan of FIDO and Yubico for years. I have 5 YubiKeys and am looking at getting a couple of their new units. I am NOT on the Yubico payroll in case you are wondering!

 

It was announced that WebAuthn was approved. This is huge. There is no reason for the issues that exist now with password use to continue in the future. Software companies should insist on end users employing a key. If the user isn't interested then the access to that website isn't that important.

 

I could be crippling my own daily use with this policy recommendation as I am not allowed any USB devices, cell phones, digital cameras, etc. at my location.  It would be worth it.

 

MFA to the rescue!

1 Reply
Community Champion

Re: WebAuthn gets approved!!

It was announced that WebAuthn was approved. This is huge. There is no reason for the issues that exist now with password use to continue in the future.


Yes, it eliminates the risks of using passwords, and would certainly appeal to most people who don't want to have to handle complex passwords.

 

Software companies should insist on end users employing a key. If the user isn't interested then the access to that website isn't that important.

While that would be a significant enhancement to security, companies may not be eager to mandate it --- unless there are regulations to comply with or their services are limited to employees.

 


MFA to the rescue!


Availing of WebAuthn by itself is a bit of a risk --- if you lose a key and don't have a backup you'll be locked out until a recovery can be done, which might take some time if you haven't set recovery options properly. It would certainly be wiser to combine this with other forms of authentication.

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz