FB pixel

Apple asks developers to start testing biometric web logins

Face ID and Touch ID now available for FIDO2 authentication
 

apple logo building

Apple updated its mobile operating systems with support for biometric authentication to websites through Face ID and Touch ID in September, and has now laid out the technical steps for developers to make use of WebAuthn API calls and Apple Anonymous Attestation in a blog post.

The feature is expected to reach macOS with the release of version 11, codenamed ‘Big Sur,’ within the next few weeks.

WebKit Security Engineer Jiewen Tan explains how to implement the biometric authentication feature and some different possible use cases in the post. Recommended workflows are provided, with WebAuthn processes mapped against the Safari user interface and WebKit. Tan also gives advice for limiting prompts by setting user gestures to invoke the platform authenticator, and handling the differences between the platform authenticator and security keys.

The optional Apple Anonymous Attestation feature to provide banks and other businesses in regulated industries with “a cryptographic proof of the authenticator’s provenance” so they can comply with regulations while using Touch ID or Face ID biometrics. Tan calls the service “first of its kind,” as a privacy-preserving attestation process that avoids the security problem in basic attestation of all devices with the same attestation certificate having them revoked if one device is compromised.

Apple joined the FIDO Alliance in early-2020 to support the organization’s work towards replacing passwords with biometrics and physical tokens.

FIDO Alliance Executive Director Andrew Shikiar told Biometric Update when Apple announced its support for passwordless web logins on Safari in June that passwordless authentication will be available on the majority of consumer internet services, mostly through FIDO standards, within five years.

Tan urges developers to test the feature “today” to begin providing feedback and big fixes.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Municipal ID programs offer ID to undocumented people, and ICE wants their data

Amid the ongoing collapse of democratic norms in the U.S., it is easy to miss a nightmare scenario unfolding for…

 

Unissey levels-up biometric injection attack detection certification

Unissey’s face biometrics have been certified to substantial-level compliance with the European biometric injection attack detection (IAD) standard. Injection attacks…

 

Hey babe, check out my regulations: porn star, VerifyMy spice up UK Online Safety Act

It’s one thing when Christian moralists lobby for age assurance laws – but another thing entirely when the voices are…

 

Regula launches dedicated biometric morph attack detector

A new face morphing detector has been unveiled by Regula to defend against the significant security threat of passports and…

 

UK regulator fines 23andMe over massive genetic data breach

The U.K. Information Commissioner’s Office (ICO) has fined U.S.-based 23andMe £2.31 million for serious security failures that resulted in a…

 

Tonga reveals MOSIP and VS One World foundations of DPI success

Tonga launched its TongaPass digital ID and digital government portal this month. The government is now ramping up registration as…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events