Although experimental support does not guarantee it will happen, Apple has shown considerable interest in joining the likes of Microsoft and Google with using WebAuthn. Web Authentication uses a process known as Client to Authenticator Protocol (CTAP), which in turn uses FIDO keys to develop public and private crypto keys for websites to authenticate. Several Apple employees are a part of WebAuthn working group and added support for USB-based CTAP2 in their Safari Technology Preview release 71. WebAuthn not only allows for password-less logins, it also helps aid two-factor authentication by not giving users the option to pick their passwords. This reduces the risk for getting compromised in a breach and becoming a victim in a phishing attempt.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is