WebAuthn mizanin shiga ba tare da kalmomin shiga ba

Darkcrizt

4 minti

tambarin-yanar gizo

A yau W3C (shafin yanar gizon yanar gizo) da kawancen FIDO (wanda ke aiki tukuru don samar da ingantaccen ingantaccen ingantacce don maye gurbin kalmomin shiga) hsun sanar da cewa sun kammala daidaitaccen tsarin WebAuthn don amintaccen haɗin kalmar sirri.

WebAuthn shine yanayin tsaro wanda satar kalmar sirri da bayanan sirrin da ke gudana, A watan Mayu 2016, kungiyar aiki ta tabbatar da yanar gizo ta W3C (WebAuthn) da FIDO Alliance (Fast IDentity Online) sun buga wani daftarin aiki kan takamaiman ma'aunin ingantaccen bincike ga masu bincike daban-daban, WebAuthn misali.

Manufarta ita ce a ba da izinin kowane rukunin yanar gizo ko sabis na kan layi don amfani da aikace-aikace, maɓallan tsaro ko bayanan kimiyyar halitta a matsayin hanyar shiga maimakon kalmomin shiga ko amfani da waɗannan sabbin hanyoyin azaman hanyar tabbatarwa ta biyu.

Wannan daidaitaccen an tsara shi ne don kawar da buƙatar shigar da kalmomin shiga lokacin da masu amfani suka haɗa Intanet.

Da kyau babban maƙasudin shine don tabbatar da samun dama ga aikace-aikacen yanar gizo.

Yanzu lokaci ya yi da masu amfani da yanar gizo da 'yan kasuwa su rungumi WebAuthn don hana raunin shiga kalmar sirri da inganta tsaron kwarewar masu amfani da yanar gizo, "in ji Jeff Jaffe.

Da wadannan kalmomin ne Shugaba W3C ya yi tsokaci a kan nasarar kokarin da aka yi na kammala kalmomin shiga.

Kuma da kyau, a yau WebAuthn yanzu ya zama mizanin gidan yanar gizo na hukuma, wanda suke ɗaukar mahimmin mataki wajen sa yanar gizo ta kasance amintacce kuma mafi amfani da masu amfani a duniya.

Yanzu suna neman dandamali na kan layi suyi amfani da wannan sabon tsarin.

“Aikace-aikacen yanar gizo da aiyuka na iya kuma kamata ya ba da damar wannan fasalin ta yadda masu amfani da su za su iya samun sauƙin haɗi ta hanyar amfani da kimiyyar kere kere, na’urar hannu ko maɓallan tsaro na FIDO, tare da tsaro fiye da kalmomi kawai. password “, kayi jayayya a hade da W3C da kawancen FIDO.

FIDO2 da WebAuthn: mafita ne ga matsalar kalmar sirri

Don bayananka, FIDO2 ya sadu da ƙididdigar Tantancewar Yanar Gizo na W3C da FIDO Alliance Client Authentication Protocol (CTAP).

Ta hanyar FIDO2 da WebAuthn, Kungiyoyin biyu sun yi imani da cewa al'umar fasahar duniya hya ɓullo da wani na kowa bayani ga kowa kalmar sirri matsala- Maganin ergonomic akan satar kalmar sirri, mai leƙan asirri da sauran nau'ikan harin wannan nau'in.

fido2

FIDO2 zai warware duk matsalolin da ke tattare da ingantaccen gargajiya, kamar yadda aka bayyana a cikin takardar sanarwa daga W3C da kawancen FIDO:

Tsaro: Takaddun shaida na shiga cikin FIDO2 suna da banbanci akan kowane gidan yanar gizo kuma babu wani bayani game da kayan masarufi ko wasu bayanan sirri kamar su kalmomin shiga da ke fitowa daga tashar mai amfani ko adana su a cikin sabar.

Wannan samfurin tsaro yana kawar da duk wata barazanar fyauce, duk nau'ikan satar kalmar sirri da hare-haren "sake kunnawa".

Ta'aziyya: Masu amfani suna haɗi tare da hanyoyin da suka dace kamar masu karanta zanan yatsan hannu, kyamarori, maɓallan tsaro na FIDO, ko na'urorin hannu.

Tabbatarwa: Maballin FIDO na musamman ne ga kowane rukunin yanar gizo, ba za a iya amfani da su don bin diddigin shafuka ba.

Scalability: rukunin yanar gizo na iya kunna FIDO2 tare da kira mai sauƙi na API akan duk masu bincike da dandamali.

WebAuthn zai adana lokaci kuma ya ba da tsaro

A cikin Nazarin Tsaro na Verizon na 2017, kawancen W3C da FIDO sun bayyana cewa yanzu an tabbatar da cewa kalmomin shiga sun rasa tasirin su.

Tsoffin, ƙananan, ko kalmomin shiga da aka sata ba kawai suna haifar da kashi 81% na lalacewar bayanai ba, amma kuma ɓata lokaci da albarkatu.

Har ila yau, yana nufin binciken da aka yi kwanan nan ta mai ba da maɓallin tsaro Yubico, har yanzu bayyana cewa masu amfani suna amfani da awanni 10.9 a kowace shekara wajen shigarwa ko sake saita kalmomin shiga, wanda ke cinikin kasuwanci kimanin dala miliyan 5.2 a shekara.

WebAuthn tuni yana da tallafi

WebAuthn tuni yana tallafawa Windows 10 da Android da kuma masu bincike na yanar gizo Google Chrome, Mozilla Firefox, Microsoft Edge, da Apple Safari (a cikin samfoti).

Wannan yana nuna cewa ɗaukan ku a kan hanya madaidaiciya. Kawancen FIDO ya kuma ƙaddamar da shirin ba da izini ga masu siyarwa waɗanda ke shirye su aiwatar da daidaitattun a kan binciken su ko dandamali. Wannan zai hanzarta ƙarshen kalmomin shiga.

Source: w3.org


Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Alhakin bayanai: AB Internet Networks 2008 SL
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.