Today’s average internet user has close to 88 online accounts, mostly with business vendors and social media services. Cybersecurity experts recommend a different password for each online account if the user wants any real safeguard against attackers. However, memorizing 88 passwords is impossible for the average person. Sadly, most people fail to take security seriously, and breaches of confidential information continue to occur daily. Nowadays there is a high volume of usernames, passwords and, ultimately, user error. As a result, computer engineers invented more convenient and more secure ways to authenticate a person’s identity. WebAuthn (Web Authentication) is exactly such a measure.
What is WebAuthn?
WebAuthn is a way to prove our identity to an online service without passwords. Computer engineers have built several kinds of authenticators that differ from a traditional log-in. Some WebAuthn authenticator types are:
- USB security token
- Hardware Security Module – HSM
- Trusted Execution Environment – TEE
- Trusted Platform Module (Discrete, Firmware, Integrated and Software) – TPM
USB Security Keys and Hardware Security Module
USB security keys and HSMs are alike in that both rely on hardware to create a secure relationship between user and machine. HSMs are a more complex version of USB security keys; for example, an employee’s ID badge can act as a portable authenticator, powered by NFC (near field communication). HSMs are technically USB security keys, but they can also be implemented as MicroSD cards and PCI-E cards, so they are not limited to removable, portable interfaces. Network devices may use HSMs to help prevent a breach of information. IT must properly set up the network so it can interact with an employee on their workplace computer.
Trusted Execution Environment and Trusted Platform Module
TEEs and TPMs are alike in that the security component cannot be removed “at will” the way USB keys and HSMs can. Instead, they are hardwired into the computer’s parts: dedicated parts of the circuit board store the important security material and protocols. The TEE and TPM systems were owned by separate, competing companies. At first, many people chose sides between the TEE and TPM systems. As time went on, the pros and cons of TEE and TPM security protocols became evident. One was not better than the other.
Today the TEE and TPM systems implement similar security strategies as a way to team up and streamline their authenticators. For instance, the two companies noticed that TEEs work well with third-party programs. They also noticed that a TPM can operate inside a TEE. In a nutshell, a TEE and a TPM are now almost synonymous with each other regarding security, and both are highly refined in today’s market of security system choices.
Which one is more secure?
Hardware security systems like USB security keys and HSMs are the best choice if we trust our coworkers to treat information security as a top priority in the workplace. USB and HSM systems make coworkers responsible for issued USB keys, ID badges and other types of access cards. If those objects are compromised, companies could experience a breach. TEEs and TPMs are a static security system which cannot be transported out of the office space. In other words, TEE and TPM systems cannot be removed “at will” and are, in that sense, more secure, whereas USB keys and other HSMs are portable. Teamstack’s WebAuthn system is highly secure; the question is how soon you need a WebAuthn cloud identity server.
The Future of Passwordless Access
The only way to avoid the confusion of managing 88 potential online accounts, forgetting passwords or usernames, and remembering a large bank of passwords is through WebAuthn’s access management system. Large tech companies have already started to invest heavily in a passwordless workforce by using secure cloud identity servers. Business owners realize WebAuthn removes employee error and instead relies on authenticators, so workloads can be accessed and worked on now, instead of later.
WebAuthn: A More Detailed Description of Architecture
However, WebAuthn is only half of the solution for using the security devices and platforms discussed. WebAuthn is the part that interacts with the web browser. One must also remain cognizant of CTAP2, the protocol by which the client talks to the security device (the authenticator). CTAP2 stands for Client to Authenticator Protocol (the number two indicates an upgrade to the original protocol).
Fast IDentity Online 2 (FIDO2)
Together, these two parts form a chain of security checkpoints falling under the umbrella term FIDO2. Computer engineers and scientists have taken the time to perfect the seamlessness of the relationship between the web service, the browser and the security device. To explain simply, WebAuthn communicates with the device and sends a security challenge over the internet to the authenticator. After a proper clearance has been registered, the authenticator sends back a signed data packet confirming the log-in’s access. CTAP2 is the step that follows WebAuthn: the client initiates the WebAuthn request, and as part of that the cloud server’s security system automatically initiates CTAP2.
FIDO2 may also be used as an additional factor alongside a traditional username and password pair. For example, a WiFi network may not have a WEP/WPA password; instead, the web browser automatically redirects us to a prerequisite website requiring authentication with a username and password. This is a basic form of FIDO2, but that is a topic for another blog post. Teamstack uses WebAuthn to provide a safe work environment for employees and to avoid the debilitating moment when a user forgets their password and/or username.
WebAuthn for Multi-Factor Authentication
Is there a website that you log onto once a month that is still pressuring you to record your phone number in the Account Settings? This is a basic version of multi-factor authentication that websites are endeavoring to roll out for all their customers. Due to the high number of breaches that service websites have experienced over the past two years, a text-message notification after every log-in has become popular. This basic security measure is popular but has risks. Imagine taking this security measure to the next level with WebAuthn cloud identities.
Make sure you share your accounts safely by a cloud identity management system like Teamstack!