When choosing an authentication option, it is important to understand all of the options available.
The FIDO Alliance has gathered the work of innovators in secure authentication into a standard, open platform for maintaining new specifications. WebAuthn represents a new way of performing authentication using public key cryptography, but without the overhead of a Public Key Infrastructure framework or a central trust authority.
FIDO protocols are ideal for web portals where security is a top concern and users can reasonably be expected to use a modern browser on a modern OS.
Key Points:
Modern protocol
Public key based
Customer self-registration
Privacy protection
Multiple implementation choices
Immune to phishing
Requires modern browser
OTPs (One-Time Passwords) have been the backbone of multifactor authentication for the vast majority of established systems. We use OTPs delivered by SMS message, generated by software apps like Google Authenticator, or produced by authentication hardware such as YubiKeys. OTPs have a major advantage in that the user-facing side is easy to implement: just include a text field to accept the typed code. While not as secure as the modern authentication protocols, OTPs, when implemented properly, provide security that a username and password alone cannot match.
OTPs are perfect for quickly standing up a multifactor authentication solution that will work in every environment.
Key Points:
Universally supported protocol
Very quick to enable
Customer self-registration
Multiple implementation choices
Vulnerable to phishing
Smart cards provide a superior authentication solution, allowing for strong, centrally managed authentication that can be extended to secure OS endpoints as well. However, their strength relies on establishing a Public Key Infrastructure (PKI) framework, which can be unwieldy to manage. Where such a PKI deployment is already in place, say in a corporate or federal office, it can be leveraged to extend the same authentication to websites.
Smart cards are perfect for extending an existing PKI deployment to secure web assets as well.
Key Points:
Strong form of authentication
Credentials are centrally managed - no user registration
Credential lifecycle can be highly managed
Immune to phishing
Requires a notable investment in a PKI framework
Limited to members within an organization