E authors acknowledge the help of CITIC (FEDER System and grant
E authors acknowledge the assistance of CITIC (FEDER Plan and grant ED431G 2019/01). The study of M.G. is partially supported by Xunta de Galicia Grant GRC ED431C 2018-033. The study of H.V. is partially supported by Ministerio de Educaci grant FPU18/06125. Institutional Critique Board Statement: Not applicable. Informed Consent Statement: Not applicable. Conflicts of Interest: The authors declare no conflict of interest.Eng. Proc. 2021, 7,five of
Proceeding PaperAn Analysis with the Current Implementations Primarily based on the WebAuthn and FIDO Authentication StandardsMarti Rivera-Dourado 1,two, , Marcos Gestal 1,two,three , Alejandro Pazos 1,two,and JosM. V quez-Naya 1,2Grupo RNASA-IMEDIR, Departamento de Ciencias de la Computaci y Tecnolog s de la Informaci , Facultade de Inform ica, Universidade da Coru , Elvi Campus, 15071 A Coru , Spain; [email protected] (M.G.); [email protected] (A.P.); [email protected] (J.M.V.-N.) Centro de Investigaci CITIC, Universidade da Coru , Elvi Campus, 15071 A Coru , Spain IKERDATA S.L., ZITEK, University of Basque Country UPVEHU, Rectorate Creating, 48940 Leioa, Spain Correspondence: [email protected] Presented in the 4th XoveTIC Conference, A Coru , Spain, 7 October 2021.Abstract: During the final few years, some of the most relevant IT companies have started to create new authentication options which are not vulnerable to attacks like phishing. WebAuthn and FIDO authentication standards were created to replace or complement the de facto and ubiquitous authentication approach: PX-478 manufacturer username and password. This paper performs an evaluation from the existing implementations of those standards although testing and comparing these solutions within a high-level evaluation, drawing the context with the adoption of those new requirements and their integration with all the existing systems, from internet applications and services to unique use instances on desktop and server operating systems. Search phrases: WebAuthn; authentication; FIDOCitation: Rivera-Dourado, M.; Gestal, M.; Pazos, A.; V quez-Naya, J.M. An Evaluation of your Existing Implementations Based around the WebAuthn and FIDO Authentication Standards. Eng. Proc. 2021, 7, 56. https://doi.org/10.3390/ engproc2021007056 Academic Editors: Joaquim de Moura, Marco A. Gonz ez, Javier Pereira and Manuel G. Penedo Published: 27 October1. Introduction Username and password is the de facto authentication process applied in almost just about every net application, nevertheless it is Polmacoxib inhibitor threatened by a number of attacks. By far the most relevant one particular is phishing. Throughout the last handful of years, a few of the most relevant IT firms have began to develop new options that are not vulnerable to these attacks. Within this context is where they kind the FIDO Alliance to begin building a protocol to use hardware devices and public-key cryptography to perform authentication. WebAuthn [1] is actually a new W3C authentication API for browsers to produce use of hardware or software program FIDO security keys [2] for replacing or complementing the username and password authentication approach. For that reason, this new strategy is usually applied in two distinct use instances: (1) employing the safety crucial as a second factor authentication strategy, ordinarily following a password; (two) employing the security essential as a first factor authentication method, identifying and authenticating the user, with out the have to have of a username or password. Additionally, net applications usually are not the exceptional systems exactly where FIDO security keys can be of use. Operating Systems, like Windows and Linux, have solutions that make use of thi.