{"id":215341,"date":"2019-03-05T07:37:15","date_gmt":"2019-03-05T06:37:15","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=215341"},"modified":"2021-12-03T23:36:11","modified_gmt":"2021-12-03T22:36:11","slug":"passwort-lose-anmeldung-webauthn-als-standard-freigegeben","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2019\/03\/05\/passwort-lose-anmeldung-webauthn-als-standard-freigegeben\/","title":{"rendered":"Passwortlose Anmeldung: WebAuthn als Standard freigegeben"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>WebAuthn ist jetzt ein offener Standard f\u00fcr passwortfreie Anmeldungen im Web. Denn das World Wide Web Consortium (W3C) hat Web Authentication API (WebAuthn) am 4. M\u00e4rz 2019 zum offiziellen Webstandard erkl\u00e4rt.<\/p>\n<p><!--more--><\/p>\n<p>Mit der Spezifikation k\u00f6nnen sich Benutzer an Ger\u00e4ten mit Biometrie-Support (z.B. Fingerabdrucksensor), an mobilen Ger\u00e4ten und\/oder mit FIDO-Sicherheitsschl\u00fcsseln an ihren Online-Konten anmelden. Es wird also kein Passwort mehr ben\u00f6tigt, was die Sicherheit erh\u00f6hen soll.<\/p>\n<p>WebAuthn wird von Android und Windows 10 unterst\u00fctzt. Ich hatte gerade im Blog-Beitrag <a href=\"https:\/\/borncity.com\/blog\/2019\/02\/27\/android-erhlt-fido2-zertifizierung\/\">Android erh\u00e4lt FIDO2-Zertifizierung<\/a> geschrieben, dass Google Android (ab Version 7.0) \u00fcber seine Google Play Services per Update so nachr\u00fcstet, dass das Betriebssystem FIDO2 zertifiziert ist. Dies erm\u00f6glicht Apps eine Passwort-lose Anmeldung per WebAuthn nach dem FIDO2-Standard.<\/p>\n<p>Auf der Browserseite haben Google Chrome, Mozilla Firefox und Microsoft Edge im vergangenen Jahr alle Unterst\u00fctzung hinzugef\u00fcgt. Apple unterst\u00fctzt WebAuthn seit Dezember 2018 in Vorschau-Versionen von Safari. Weitere Details sind z.B. bei <a href=\"https:\/\/venturebeat.com\/2019\/03\/04\/w3c-approves-webauthn-as-the-web-standard-for-password-free-logins\/\" target=\"_blank\" rel=\"noopener noreferrer\">VentureBeat<\/a> nachlesbar. Ein deutschsprachiger Artikel findet sich <a href=\"https:\/\/www.heise.de\/newsticker\/meldung\/Passwortlose-Anmeldung-WebAuthn-ist-beschlossene-Sache-4325432.html\" target=\"_blank\" rel=\"noopener noreferrer\">hier<\/a>.<\/p>\n<p>Hier noch die Pressemitteilung des W3C und der FIDO Alliance:<\/p>\n<blockquote><p>Dear all,<\/p>\n<p>Today W3C and FIDO Alliance are pleased to announce that the Web Authentication (WebAuthn) specification is now an official web standard. This advancement is a major step forward in making the web more secure\u2014 and usable\u2014for users around the world.<\/p>\n<p>WebAuthn is a user-friendly solution to password theft, phishing and replay attacks.<\/p>\n<p>W3C's\u00a0WebAuthn Recommendation, a core component of the FIDO Alliance's FIDO2 set of specifications, is a browser\/platform standard for simpler and stronger authentication. \u00a0WebAuthn allows users to log into their internet accounts using their preferred device. Major browsers and platforms now have built-in support for new Web standard for easy and secure logins via biometrics, mobile devices and FIDO security keys.<\/p>\n<p>Web services and apps can \u2014 and should\u2014turn on this functionality to give their users the option to log in more easily via biometrics, mobile devices and\/or FIDO security keys, and with much higher security over passwords alone. \u00a0\"Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,\" notes Jeff Jaffe, W3C CEO.<\/p>\n<p>For more information, please see the press release\u00a0here\u00a0(and text version below).<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>WebAuthn ist jetzt ein offener Standard f\u00fcr passwortfreie Anmeldungen im Web. Denn das World Wide Web Consortium (W3C) hat Web Authentication API (WebAuthn) am 4. M\u00e4rz 2019 zum offiziellen Webstandard erkl\u00e4rt.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[908,426],"tags":[4338,4328],"class_list":["post-215341","post","type-post","status-publish","format-standard","hentry","category-internet","category-sicherheit","tag-internet","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/215341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=215341"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/215341\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=215341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=215341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=215341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}