Cloud Security Perspectives and Insights

Oracle Strengthens Interoperability and User Experience with General Availability of FIDO2 WebAuthn Support for Cloud Identity

Given the distributed nature of today’s technology environment, zero trust has become the standard for security. Every interaction must be authenticated and validated for every user accessing every system or application every time. To that end, interoperability is more important than ever. FIDO2 Web Authentication (WebAuthn) is quickly emerging as an important interoperability standard that enables users to select and manage an authenticator of their own (security keys, or built-in platform authenticators, such as a mobile device) that works with their web browser of choice (Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari, etc.) for secure access to any websites or applications that support the WebAuthn standard.

Oracle is happy to announce the general availability of FIDO2 WebAuthn for our cloud identity service. This means that websites and applications that are protected by Oracle can enable their audience of users to authenticate with FIDO2 authenticators for multi-factor authentication (MFA) as well as passwordless authentication. This simplifies the user experience and may reduce the number of authenticators that users need to access the variety of web applications they interact with on a regular basis. Ultimately, this gives users more choice, more control, and a frictionless user experience.

While Oracle already supports passwordless authentication, via our included mobile authenticator for example, FIDO2 WebAuthn support enables our identity customers to let their users select which authenticators they’d prefer to use. For example, many users may prefer to use the face or fingerprint biometrics that are already built into their mobile devices or laptops. The user can also choose a hardware-based FIDO2 authenticator that can easily move between devices for strong authentication.

One popular example of a hardware-based FIDO2 authenticator is the YubiKey from Yubico. YubiKeys provide physical proof that the user is present at the time of login when they touch the key to authenticate, offering a user experience that’s up to four times faster than manually typing one-time codes. As part of our FIDO2 release, Oracle is happy to announce that we have verified our support for YubiKeys through Yubico’s Works with YubiKey program. If you're interested in learning more about this integration and seeing it in action, check out this article.

“It’s all about choice,” explains Oracle Identity Vice President Jeppe Larsen. “We need to maintain the highest levels of security throughout the authentication process and as we enable sign on to a wide variety of systems and applications. Many of our customers are large and complex with absolutely strict security mandates. But at the same time, we want to enable the most seamless user experience. Support for FIDO2 authenticators like YubiKeys gives our customers that choice for quick and easy passwordless authentication using the same keys that they use elsewhere.”

Oracle’s cloud engineering team were early adopters of the Yubico integration. Oracle Identity Director Sidd Shenoy notes, "We use YubiKeys internally at Oracle as a second factor to manage access to many of our critical systems. The strong authentication methods provided by these keys increase our security posture while maintaining a seamless experience across several heterogeneous systems."

“We take great pride in partnering with leaders in the security space, like Oracle, who share our mission to protect users from password-related threats such as phishing and credential theft,” said David Treece, Manager, Solutions Architecture, Yubico. “Oracle and Yubico jointly offer a hardware-backed authentication experience that not only heightens security and accelerates productivity, but also provides flexibility with FIDO2 to address varying user authentication flows including logging in with no passwords. As more teams work from anywhere, combining phishing-resistant strong authentication with a reliable identity platform is a critical step for enterprises looking to establish trust with users across the entire organization."

Oracle remains committed to delivering an optimal user experience for all Identity and Access Management customers and their user audiences. Adding support for FIDO2 WebAuthn is an important step in enabling our customers’ journeys toward offering the most seamless user experiences possible for all of their user populations whether employees, business partners, or consumers.

To see the FIDO2 integration in more detail, check out this post; to learn more, sign up for a trial of Oracle Identity Cloud Service.
