FB pixel

Apple asks developers to start testing biometric web logins

Face ID and Touch ID now available for FIDO2 authentication
 

apple logo building

Apple updated its mobile operating systems with support for biometric authentication to websites through Face ID and Touch ID in September, and has now laid out the technical steps for developers to make use of WebAuthn API calls and Apple Anonymous Attestation in a blog post.

The feature is expected to reach macOS with the release of version 11, codenamed ‘Big Sur,’ within the next few weeks.

WebKit Security Engineer Jiewen Tan explains how to implement the biometric authentication feature and some different possible use cases in the post. Recommended workflows are provided, with WebAuthn processes mapped against the Safari user interface and WebKit. Tan also gives advice for limiting prompts by setting user gestures to invoke the platform authenticator, and handling the differences between the platform authenticator and security keys.

The optional Apple Anonymous Attestation feature to provide banks and other businesses in regulated industries with “a cryptographic proof of the authenticator’s provenance” so they can comply with regulations while using Touch ID or Face ID biometrics. Tan calls the service “first of its kind,” as a privacy-preserving attestation process that avoids the security problem in basic attestation of all devices with the same attestation certificate having them revoked if one device is compromised.

Apple joined the FIDO Alliance in early-2020 to support the organization’s work towards replacing passwords with biometrics and physical tokens.

FIDO Alliance Executive Director Andrew Shikiar told Biometric Update when Apple announced its support for passwordless web logins on Safari in June that passwordless authentication will be available on the majority of consumer internet services, mostly through FIDO standards, within five years.

Tan urges developers to test the feature “today” to begin providing feedback and big fixes.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

New research explores AI manipulation attacks on face biometric systems

A pair of new research papers address sophisticated fraud attempts on biometric systems using AI, in one case to carry…

 

As biometrics infiltrate the fan experience, will anyone challenge Wicket at the game?

In terms of biometric use cases, security, privacy and fraud prevention are all good – but what if you just…

 

US workers concerned about employers’ digital snooping: GAO

The U.S. Government Accountability Office (GAO), the research arm of the U.S. Congress, this week released a report on the…

 

ID.me and Liminal strengthen executive teams

ID.me and Liminal have made appointments to strengthen their executive leadership teams. ID.me has named Scott Meyer its new chief…

 

Socure takes IDV solutions global, available in over 190 countries

Socure has announced the expansion of its identity verification offerings, which provides coverage for all International Civil Aviation Organization (ICAO)-compliant…

 

Panini expands BioCred suite with new cloud-based IDV platform

Payments processing tech provider Panini is expanding its BioCred identity verification tool, with the introduction of a new cloud-based service…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events