View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 25, 2019

eBay Puts Another Nail in the Password Coffin with WebAuthn Rollout

81% of all hacking-related breaches start with stolen or weak passwords...

By CBR Staff Writer

eBay has become the latest company to move towards phasing out passwords, adding WebAuthn-based logins to its web-based version of the ecommerce platform; which has over 183 million registered buyers.

With adoption of the emerging security standard, the company is also one of the first major ecommerce platform to enable biometric authentication as a first factor authentication on web browsers.

Supported devices include Android phones with biometrics enabled using the Chrome browser version 75 and higher, eBay said in a developer blog, saying it plans to expand to more platforms in the future.

What is WebAuthn?

WebAuthn is an emerging standard written by the W3C and FIDO that replaces passwords with an that API allows servers to register and authenticate users using public key cryptography instead of a password.

The specification was created with the participation of Google, Mozilla, Microsoft, Yubico, and others. As of September 2018, there is support for WebAuthn in the stable builds of Chrome, Firefox and Edge.

Users can deploy a fob like a YubiKey to log into their online accounts without typing a password, or use biometrics.

(eBay already offered the feature on its mobile application ).

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Read this: Microsoft Launches Public Preview of Security Key Support: Password-Free Life Creeps Closer

With an estimated 81 percent of all hacking-related breaches starting with stolen or weak passwords and the brute-forcing of passwords ever easier, consensus is growing that passwords as an authentication factor (certainly as a primary one) are a security risk for both businesses and consumers.

Security specialists that while various aspects of WebAuthn continue to be enhanced,  the credential API is not expected to change much and now is as good a time as any to develop WebAuthn applications.

For businesses/developers working on their own code, the FIDO Alliance has been developing conformance tools for testing FIDO2 operability, so production-ready implementations of WebAuthn/FIDO2 architecture can be put to the test.

Read this: 16 Million Fortune 500 Passwords Added to Dark Web in 12 Months

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU