Worries arise about security of new WebAuthn protocol

A team of security researchers has raised the alarm about some cryptography-related issues with the newly released WebAuthn passwordless authentication protocol.

WebAuthn was officially launched earlier this year, in April. It’s a standard developed under the patronage of the World Wide Web Consortium (W3C), the official body for all web standards. Cryptography experts point out that new WebAuthn protocol recommends or requires the implementation of old and weak algorithms known to be vulnerable to attacks for years.

Source: Worries arise about security of new WebAuthn protocol | ZDNet

>