Security secrets and your phone’s built-in protection keys are usually reshaping the way users authenticate online. These technologies usually are trusted by a growing quantity of websites to provide phishing-resistant two-factor authentication (2FA). To help make sure next generation authentication protocols function seamlessly across the internet, we have been committed to partnering with the environment and providing essential systems to advance state-of-the-art authentication for everybody. So , today we are liberating a new open source security key check suite .
Under the hood, running around security keys are run by the FIDO Alliance CTAP methods , the part of FIDO2 that will ensures a seamless incorporation between your browser and safety key. Whereas the security-key user experience aims to become straightforward, the CTAP practices themselves are fairly complex. The main reason for this is the broad range of authentication make use of cases the specification details: including websites, operating systems, and even enterprise credentials. As the standard protocol specification continues to evolve—there has already been a draft of CTAP 2 . 1—corner cases that may cause interoperability problems are certain to appear.
We experienced many of those tricky corner instances while implementing our open-source security-key firmware OpenSK and decided to create a extensive test suite to ensure all of our new firmware releases manage them correctly. Over the last 2 yrs, our test suite increased to include over 80 assessments that cover all the CTAP2 functions.
Today our company is making our test suite free to allow stability key vendors to straight integrate it into their tests infrastructure and benefit from improved testing coverage. Moving forward, were excited to keep collaborating using the FIDO Alliance, its people, the hardware security essential industry and the open source local community to extend our test collection to improve its coverage create it a comprehensive tool that this community can rely on to make sure key interoperability. In the long term, it really is our hope that conditioning the community testing capabilities will certainly ultimately benefit all security and safety key users by assisting ensure they have a consistent encounter no matter which security keys they may be using.
We thank our collaborators: Adam Langley, Alexei Czeskis, Arnar Birgisson, Borbala Benko, Christiaan Brand, Dirk Balfanz, Guillaume Endignoux, Jeff Hodges, Julien Cretin, Mark Risher, Oxana Comanescu, Tadek Pietraszek and all the security key suppliers that worked with us.