Apple asks developers to start testing biometric web logins

Face ID and Touch ID now available for FIDO2 authentication

apple logo building

Apple updated its mobile operating systems with support for biometric authentication to websites through Face ID and Touch ID in September, and has now laid out the technical steps for developers to make use of WebAuthn API calls and Apple Anonymous Attestation in a blog post.

The feature is expected to reach macOS with the release of version 11, codenamed ‘Big Sur,’ within the next few weeks.

WebKit Security Engineer Jiewen Tan explains how to implement the biometric authentication feature and some different possible use cases in the post. Recommended workflows are provided, with WebAuthn processes mapped against the Safari user interface and WebKit. Tan also gives advice for limiting prompts by setting user gestures to invoke the platform authenticator, and handling the differences between the platform authenticator and security keys.

The optional Apple Anonymous Attestation feature to provide banks and other businesses in regulated industries with “a cryptographic proof of the authenticator’s provenance” so they can comply with regulations while using Touch ID or Face ID biometrics. Tan calls the service “first of its kind,” as a privacy-preserving attestation process that avoids the security problem in basic attestation of all devices with the same attestation certificate having them revoked if one device is compromised.

Apple joined the FIDO Alliance in early-2020 to support the organization’s work towards replacing passwords with biometrics and physical tokens.

FIDO Alliance Executive Director Andrew Shikiar told Biometric Update when Apple announced its support for passwordless web logins on Safari in June that passwordless authentication will be available on the majority of consumer internet services, mostly through FIDO standards, within five years.

Tan urges developers to test the feature “today” to begin providing feedback and big fixes.

Related Posts

Article Topics

 |   |   |   |   |   | 

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Research

Biometrics White Papers

Biometrics Events

Explaining Biometrics