

Registration starts by calling the createCredential function in webauthn-client.js. Here is a quick demo of deploying and running this project in a fresh Cloud9 environment. In the demo recording below, I used AWS Cloud9, which gives you a quick way to deploy and test the app. WebAuthn APIs will be exposed by the user agent only if secure transport is established without errors. This means you have to access the demo application via HTTPS. If you deploy this app on your own workstation or on a separate VM, you need to configure SSL.

I seem to recall that the new Passkeys feature that Apple announced at WWDC 2022, to be in Apple's Fall 2022 OS updates (iOS 16, macOS 13 Ventura, Safari 16, etc.), seems to be built, at least in part, on industry-standard authentication schemes such as FIDO2. I know FIDO2 is what allows "Universal Second Factor" (U2F) devices like YubiKey USB dongles to work as physical multifactor authentication (MFA) devices.

Putting those two things together, does that mean that the Passkeys feature will allow me to use my Apple devices (via FaceID/TouchID and Secure Enclave) as FIDO2 U2F devices, obviating the need for dedicated U2F USB dongles such as YubiKeys? To put it more precisely, can Apple's new Passkeys feature allow Apple devices to basically use their built-in Secure Enclaves like built-in U2F devices, replacing external USB security dongles like YubiKeys? So your two-factor authentication (2FA) factors become "something you have" (an Apple device with your Passkey private keys in the Secure Enclave) and "something you are" (your face/fingerprint biometrics)?

For a concrete example, when signing into Amazon Web Services (AWS), one option for MFA is to use FIDO2 to support things like YubiKeys; this keeps you from needing to hassle with getting a 6-digit TOTP code from an authenticator app, or using insecure SMS to get a code sent to you. I'm hoping I'll be able to select that MFA method on AWS but set it up to use Passkeys instead of needing a YubiKey.
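The registration step described in the first paragraph, as an added example that is not the project's own webauthn-client.js: it turns a server-issued challenge into the options navigator.credentials.create expects, gates the call on a secure context (the reason the README requires HTTPS), and serializes the attestation response for the server. The server option shape, the rp/user values and the challenge bytes are constructed sample data, not anything the page provides.

```javascript
// Added example, not the project's webauthn-client.js. The server option shape
// and the sample rp/user/challenge below are assumptions for illustration.

// base64url <-> ArrayBuffer. WebAuthn binary fields cross the wire as base64url
// in JSON, but the browser API wants ArrayBuffers. atob/btoa exist in browsers
// and Node 16+; fall back to Buffer on older Node so the helpers run anywhere.
const b64decode = typeof atob === "function" ? atob : (s) => Buffer.from(s, "base64").toString("binary");
const b64encode = typeof btoa === "function" ? btoa : (s) => Buffer.from(s, "binary").toString("base64");

function base64urlToBuffer(s) {
  const padded = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  const bin = b64decode(padded);
  const bytes = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  return bytes.buffer;
}

function bufferToBase64url(buf) {
  let bin = "";
  for (const b of new Uint8Array(buf)) bin += String.fromCharCode(b);
  return b64encode(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Why the README insists on HTTPS: browsers expose WebAuthn only in a secure
// context (HTTPS, or localhost). Returns null when usable, otherwise a reason.
// `win` is injectable so the check can be exercised outside a browser.
function webauthnUnavailableReason(win = globalThis) {
  if (!win.isSecureContext) return "not a secure context (serve over HTTPS, or use localhost)";
  if (!win.PublicKeyCredential) return "browser does not expose PublicKeyCredential";
  if (!win.navigator || !win.navigator.credentials) return "navigator.credentials is missing";
  return null;
}

// Constructed sample of what a registration "begin" endpoint might return.
const SAMPLE_SERVER_OPTIONS = {
  rp: { id: "example.com", name: "WebAuthn demo" },
  user: { id: "dXNlci0xMjM", name: "alice", displayName: "Alice" }, // id = base64url("user-123")
  challenge: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8",           // 32 bytes, 0x00..0x1f
};

// Build PublicKeyCredentialCreationOptions from the server's JSON.
function buildCreationOptions(serverOpts) {
  return {
    publicKey: {
      rp: serverOpts.rp,
      user: {
        id: base64urlToBuffer(serverOpts.user.id),
        name: serverOpts.user.name,
        displayName: serverOpts.user.displayName,
      },
      challenge: base64urlToBuffer(serverOpts.challenge),
      // ES256 first, RS256 as a fallback for authenticators that lack P-256.
      pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
      timeout: 60000,
      attestation: "none",
      authenticatorSelection: { userVerification: "preferred" },
    },
  };
}

// Re-encode the PublicKeyCredential so it can be POSTed as JSON; the server
// verifies clientDataJSON (challenge, origin, type) and the attestationObject.
function serializeAttestation(cred) {
  return {
    id: cred.id,
    rawId: bufferToBase64url(cred.rawId),
    type: cred.type,
    response: {
      clientDataJSON: bufferToBase64url(cred.response.clientDataJSON),
      attestationObject: bufferToBase64url(cred.response.attestationObject),
    },
  };
}

// Registration entry point: refuse early with a clear message instead of
// letting navigator.credentials fail with an opaque error on plain HTTP.
async function createCredential(serverOpts, win = globalThis) {
  const reason = webauthnUnavailableReason(win);
  if (reason) throw new Error("WebAuthn unavailable: " + reason);
  const cred = await win.navigator.credentials.create(buildCreationOptions(serverOpts));
  return serializeAttestation(cred);
}

console.log(webauthnUnavailableReason() || "WebAuthn available in this context");
```

In a browser served over plain HTTP the first check fails before the API is touched, which is the symptom the README's SSL note is warning about; over HTTPS (or on localhost) the same code proceeds to the real create() call.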
