
Gandi now uses WebAuthn

Oct 3, 2019 - in Security

We are proud to announce today that Gandi has started to implement Web Authentication (or WebAuthn, for short) on our production environment. WebAuthn—a web standard published by the World Wide Web Consortium (W3C)—is the next evolution of the U2F security protocol.

More options for strong security

One of the main advantages to upgrading to the WebAuthn standard is that U2F-level security is now available in a wider range of options.

Hardware-based second-factor authentication now works with Firefox on all platforms, Chrome on all platforms, Chromium-based Microsoft Edge and Opera, as well as Safari (in preview) for macOS, and probably iOS soon.

Even more exciting than the expanded browser options is the possibility of using security features built into your device.

For now, you can use Touch ID on Mac in Chrome with your Gandi account, but WebAuthn opens the door to using facial recognition, fingerprint readers, and other biometric security features for Mac and Windows (Windows Hello).

State of the art

Gandi first implemented two-factor authentication in 2013, and followed with implementing U2F in 2017.

Security technology is developing quickly, and we’re doing our best to keep up with the state of the art and new developments. Two-factor authentication has allowed us to overcome the drawbacks of relying on passwords—which can be compromised, phished, or hacked—to keep accounts safe.

The new standard allows for a cleaner, more extensible, and more compatible way to improve client-side security. Implementing WebAuthn on our platform brings us closer to dispensing with passwords altogether, with passwordless sign-ins that make strong security easier than the alternative.

How to use it

Using WebAuthn with your Gandi account requires that you use a browser that supports it. If you don’t already use U2F, access your user settings: click on your username in the top right corner of the page, select “User Settings” from the drop-down menu, and click on “Manage your U2F Authentication.” Then click “Add a new key.”

For more information, see our documentation.

We are still fine-tuning this feature on every OS and browser. If you have any comments or experience any issues, please feel free to send us a message at feedback@gandi.net or on Twitter.