In today's digital landscape, information system security is more crucial than ever. Attacks are becoming increasingly sophisticated, and traditional authentication methods based on passwords show their limitations. At Rubycat, a specialist in cybersecurity software solutions, we are proud to announce the integration of WebAuthn into our PROVE IT software solution. This article explores the benefits of WebAuthn and how this integration will strengthen your infrastructure security.
What is WebAuthn?
WebAuthn, or Web Authentication, is a standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance (Fast Identity Online). It aims to provide a more secure authentication method by using external authentication devices such as security keys, smartphones, or biometric devices. WebAuthn is best known for its most widespread implementations : Passkeys (or access keys) and Windows Hello.
WebAuthn's operation is based on public-key cryptography, where a pair of keys (public and private) is generated. During enrollment, the private key remains on the authentication device while only the public key is sent to the server (by comparison, with traditional password use, you must send that password, your most precious secret!). During login, the server sends a challenge that the device signs with the private key, thus proving the user's identity without exposing sensitive secrets.
WebAuthn eliminates password weaknesses, which are often reused, weak, or easily stolen through phishing attacks. With WebAuthn, users can log in securely and conveniently using a variety of devices. FIDO2 solutions such as security keys (like Yubikeys), recent smartphones, and even biometric devices like fingerprint readers are all compatible with WebAuthn, offering flexibility and robustness. This standard is also supported by all major modern browsers, facilitating adoption by developers and users.
Key features of WebAuthn integration
This new functionality allows users to log in without having to remember complex passwords. Furthermore, our solution supports a variety of authentication devices (such as FIDO2 solutions like Yubikeys or Microsoft Hello), offering users flexibility and convenience.
Enrollment Phase :
- The user enrolls a device. Enrollment is the process of registering an authentication device (such as a security key or biometric device) with an online service for later use for identity verification. This involves creating and storing a unique public key associated with the user.
- This authentication device, which can be a USB key or fingerprint reader, generates a public/private key pair.
- The public key is then sent to the server and associated with the user's account, while the private key remains secure on the device.
Authentication phase :
- During login, the server sends a challenge to the user's device.
- The user then activates their authentication device (which may involve touching a security key or using a biometric solution).
- The device signs the challenge with the private key (only after performing anti-phishing checks).
- Finally, the server verifies this signature using the previously registered public key.
Advantages and comparison with other authentication methods
Advantages of WebAuthn
Security
WebAuthn offers enhanced security by reducing vulnerabilities related to passwords. Traditional passwords are often weak, reused, or easily stolen through phishing attacks. By eliminating passwords, WebAuthn significantly reduces these risks. Additionally, WebAuthn facilitates the implementation of multi-factor authentication (MFA), combining the security of multiple authentication factors. WebAuthn devices, such as security keys and biometric devices, ensure that only legitimate entities can access protected systems.
User experience
User experience is significantly improved with WebAuthn. Once the authentication device is configured, the login process is simplified and fast. Users no longer need to remember complex passwords or enter OTP (One-Time Password) codes. Instead, they can use a simple device, like a security key or smartphone, to log in securely. This simplicity reduces friction during login and improves user satisfaction.
Interoperability
WebAuthn is designed to be compatible with all modern browsers and a wide range of devices. This interoperability allows users to log in securely across different platforms without restriction. Whether on browsers like Chrome, Firefox, or Edge, or on various devices like smartphones, FIDO2 solutions (such as Yubikey security keys), and biometric readers, WebAuthn ensures maximum flexibility and accessibility.
Cost
One possible financial advantage of WebAuthn is that devices to be enrolled incur no significant additional costs. Unlike other authentication solutions that may require substantial investments in infrastructure or additional software. WebAuthn devices are affordable and already widely present in users' hands. Companies thus strengthen their security without burdening their budgets while benefiting from cutting-edge authentication.
Simplify your sensitive access management with PROVE IT
Our solutionDiscover how PROVE IT ensures granular control and traceability of your sensitive access.
WebAuthn in PROVE IT
Live demonstration on PROVE IT
User view : Enrollment
The user receives an email from the PROVE IT administrator asking them to enroll
Next, the user visits the link, enters their username and the OTP (One Time Password) contained in the email. Their browser then displays a pop-up to "Create an access key".
The user selects the equipment to enroll: this can be a Windows workstation, a mobile terminal, or a FIDO2 security key.
Done ! User view : Login to the Bastion host
Once enrolled, the user will log in the same way as before, the only difference being that their browser will ask them to use an access key (having selected the one just created):
The user can then access the list of different resources they are eligible to connect to.
Administrator view : Solution Lifecycle
The administrator has access to the following elements:
- Audit events
- List of enrolled user equipment
Conclusion
WebAuthn enables secure authentication without passwords, thus improving how users access protected systems. However, the administrator of our PAM solution, PROVE IT, can still configure a realm requiring both a username/password and WebAuthn, combining the advantages of traditional authentication with the modern security of WebAuthn.
WebAuthn offers superior security and better user experience by eliminating password dependencies. Adopting WebAuthn is an important step toward increased security and improved user satisfaction. We are convinced that this integration will strengthen the protection of your infrastructure while meeting current standards and regulations.
Appendix
Useful links and references
Download our datasheet
Our solutionDiscover PROVE IT and all its features
Written by
Other posts
Passkeys : A new era for strong authentication
Publish on June 03, 2025
Active Directory : Microsoft's Complete Directory
Publish on October 28, 2024
What People Mean by "SSH Bastion host"
Publish on April 02, 2024