The protection of private data is the most pressing issue for website owners and users. Web site authentication systems are becoming increasingly popular, especially for web resources that use the personal data of their users for authentication. Multi-Programming Solutions offers to learn more about popular user authentication systems – in particular, web fingerprint and Touch ID – and the specifics of their application.
What Is Web API Authentication?
WebAuthn has recently become quite popular among the owners of online resources. It is a standardized specification based on public key cryptography. The specification is based on:
- the authenticator itself. Its functional model does not depend on the key material;
- the so-called trusted execution environment, which makes it possible for WebAuthn to work programmatically;
- trusted platform module, the main purpose of which is to protect the device by using cryptographic keys.
The most popular authenticators are Windows Hello and Apple Touch ID for websites.
How Touch ID for Websites Works
To be precise, Touch ID is the name of the fingerprinting web sensor that is used in many user devices, websites and applications, as well as browsers. Let’s take a closer look at how it operates.
To authorize a user, Apple touch ID uses a snapshot of the user's fingerprint, which is securely enclaved within the processor. The sensor itself is triggered by the “Home” button, on which the so-called recognition ring is located. When you press the button, the sensor reads the fingerprint image, compares it with what is stored in the security enclave and gives access permission. According to the developers, the sensors are activated by capacitive touch and are able to work at different pressure angles, which makes it possible to improve performance with each new use.
Along with the fingerprint sensors of the device, Face ID technology is often used. To create a user credential account, a structural face map is used, which is compared with the registered data when the camera is pointed at the face. This technology is used in almost all Apple devices – from Macbook Pro to iPhone and iPad Pro.
Specifics of Using WebAuthn Login for Browsers
The WebAuthn specification is becoming increasingly popular, and the question of “Can touch ID be used in the browser?” can only be answered with an unequivocal yes. The specification is already available on the following browsers:
The Safari WebAuthn specification is currently available in test mode for iOS device users. Touch ID Windows users can already use the specification to protect their data.
The specification has no restrictions for use – it can be implemented into different websites and platforms. It will provide a higher level of security for users if you let users log in to a website with touch ID. The cryptographic data used for authentication will be unique for each user, and you do not need to use a server to store it, which protects it from intruders.
Which Websites Implement WebAuthn
In order for the touch ID support for browser to work correctly, first you need to make sure that your browser supports the FIDO2 specification, of which WebAuthn is a part, update it and make changes to the settings. After that, you can easily log into the websites of interest using your fingerprint.
There are no restrictions on using the fingerprint authentication website login – it can be used for any kind of online resources. The effectiveness of biometric authentication has already been confirmed by:
- payment systems, including PayPal;
- Alibaba.com and other similar platforms for retailers;
- iTunes, Apple Books, and App Store where you can buy an app, book or music using your fingerprint;
- smart home systems like Siri and Alexa.
Quite popular is also the progressive web app touch ID, which can be used in the work of progressive web applications.
0