Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C) that plays a crucial role in the FIDO2 Project, led by the FIDO Alliance. The main goal of this project is to establish a standardized interface for securely authenticating users to web-based applications and services. This interface utilizes public-key cryptography to ensure reliable and secure authentication.
SurePassID, as a member of the FIDO Alliance since 2015, has been actively involved in this initiative, working closely and contributing towards advancing web authentication technology.
SurePassID's latest release, version 23.1, includes support for the WebAuthn standard. This standard is an addition to the existing FIDO standards, such as FIDO U2F and FIDO UAF, and SurePassID has been actively promoting its adoption.
Implementing "phishing resistant MFA" requires companies to adhere to the WebAuthn standard as a fundamental requirement. To understand the advantages of phishing resistant MFA over legacy MFA methods, please see SurePassID's "Types of MFA Compared" backgrounder.
Why do you need "phishing resistant MFA"?
According to industry experts and analysts, spear phishing is responsible for more than 95 percent of successful attacks, including ransomware and data breaches, on organizational networks in both the private and public sectors. To combat this growing threat, the White House has issued a cybersecurity executive order and Zero Trust Strategy in collaboration with the Office of Management and Budget (OMB). The order mandates that all US federal agencies implement multi-factor authentication (MFA) by the end of 2024, with a specific focus on MFA solutions that are resistant to phishing attacks.
This proactive approach aims to enhance the security posture of government agencies and encourages other organizations to prioritize phishing-resistant MFA as a crucial component of their cybersecurity and zero trust strategy.
SurePassID has a range of product releases that support FIDO-related technologies. These releases are designed to enhance security and offer advanced authentication options for organizations.