Can WebAuthn succeed where Universal 2nd Factor failed?
Back in October, 2015, I wrote about the FIDO Alliance, their U2F standard, and the YubiKey implementation by Yubico. The goal of U2F
is was to describe a method for universal two factor authentication (2FA). Today, 2FA is usually done either by text messages, or by using a mobile application that provides one-time codes. U2F is aimed more at physical tokens, with the YubiKey the most well-known implementation.
While using a physical token like the YubiKey for 2FA is a killer concept, U2F support was only implemented in Chrome, and only supported by a tiny handful of sites. Because of this, U2F never saw any wide spread adaption, and the YubiKey on my key chain continues to be dead weight. It’s not terribly heavy, but dead weight nonetheless.
Now, a new authentication standard, WebAuthn, is seeing the light of day. And it might succeed where U2F failed.Read more