FIDO2: WebAuthn & CTAP

“The WebAuthn specification is a major and collaborative leap forward in the evolution of simpler, stronger user authentication. As pioneers in the authentication space, Duo Security knows that for security to be effective, it has to be easy. WebAuthn’s security and privacy protections, built-in phishing resistance and ease-of-use give it the potential to drive widespread adoption across enterprise and consumer markets, making everyone safer as a result. True passwordless authentication has been sought for a long time – today, we’re closer to realizing that goal with WebAuthn.”

“The fact that users get phished is not really their failing. It was a gap in the internet infrastructure that made them vulnerable. With today’s announcement, the internet community is closing that gap. The internet infrastructure now has the tools to provide user friendly phishing-resistant authentication at scale. Google has been part of this journey since the earliest days, we introduced Security Key based authentication in 2014, the Advanced Protection Program in 2017, and the Titan Security Key in 2018. Now with W3C WebAuthn and FIDO2 client support coming across all major client platforms, an expanded set of capabilities is enabled. We look forward to leveraging these to offer our users additional new intuitive login experiences that are phishing-resistant.”

“Our work with W3C and FIDO Alliance, and contributions to FIDO2 standards have been a critical piece of Microsoft’s commitment to a world without passwords, which started in 2015. Today, Windows 10 with Microsoft Edge fully supports the WebAuthn standard and millions of users can log in to their Microsoft account without using a password.”

“Providing an alternative to phishable and inconvenient passwords that works across devices, apps, browsers, and websites has been the mission of Nok Nok Labs since our inception. The Web Authentication API is an important step towards the goal of enabling simple and strong authentication on the devices we use in our daily lives. It is imperative that the industry as a whole continues to add support for FIDO Authentication into all platforms to better protect consumers in our digital world.”

“As an active contributor and board member of FIDO, Daon is eager for the launch of FIDO2 to offer new authentication options to our global customers and their users, through our IdentityX platform. These new standards are another key component in enabling Daon to fulfill its mission of eliminating passwords through biometrics and empowering people across any channel to transact in a trusted manner.”

“Out of all multi-factor authentication solutions I know of, Web Authentication is our best technical response to the scourge of phishing. Protecting individuals’ privacy and security is fundamental to Mozilla, and Web Authentication plays a key role in that protection. Mozilla supports the advancement of Web Authentication, and its end-goal of a phishing-free future for all the web.”

“One of the key challenges enterprises face today is the ability to mitigate risk while simplifying the login experience for end users at the same time. In supporting FIDO2, Gemalto looks forward to helping organizations rationalize their authentication schemes to effectively manage risk. This can be done by applying the appropriate level of authentication method to diverse use cases, while at the same time making it easy and convenient for end users to securely access multiple enterprise resources.”

“Nok Nok Labs has seen significant momentum and adoption for FIDO based passwordless authentication for anyone using a mobile application; now with the added FIDO2 standard and the W3C WebAuthn specification, we will be able to provide passwordless, privacy-centric, phishing-resistant, secure authentication through Web browsers on your PCs, and mobile devices. I want to thank the browser community for uniting with us to bring about an interoperable, standards based authentication solution for service providers to implement that is easy-to use and secure for consumers.”

“As a board member of the FIDO Alliance and chair of the FIDO Enterprise Adoption Group, RSA strongly believes there is a role for FIDO in our customers’ secure access transformations. We are committed to supporting the new FIDO2 standard in RSA SecurID Access and believe it will be an important component in RSA’s unique ability to provide our customers with a range of secure and convenient authentication options to help mitigate identity risk.”

“Providing security keys to enable simpler yet stronger authentication across all platforms for users worldwide is our primary focus. With this major standards milestone announced by FIDO Alliance and W3C, we are excited to support for the next generation of ubiquitous, hardware-backed FIDO Authentication.”

“Raonsecure is excited to move beyond mobile with FIDO2. Working with the Intel Online Connect platform to bring FIDO authentication to PCs, we are pleased to make it easier for enterprises and individuals to use stronger and more convenient online authentication than ever before, on whatever device they are using.”

“OneSpan is proud to be part of FIDO’s initiative to standardize the authentication industry. As a leading provider of authentication, risk, fraud and mobile security solutions for half of the top 100 global banks, and as a FIDO Alliance Board member and active participant in the FIDO2 working group, OneSpan has embraced the FIDO and FIDO2 standards within our solutions to ensure customers and consumers can easily and securely authenticate to online services.”

“Today’s standardization of W3C’s WebAuthn marks a milestone in the history of open authentication standards and internet security. Together, we achieved the near-impossible: the creation of a global standard supported by all platforms and browsers. Yubico is grateful to be a part of this journey and we look forward to the possibilities this is going to open for seamless, ubiquitous security for all internet users.”