WebAuthn - SparTech Software

WebAuthn (Web Authentication) is a web standard and browser-based API developed by the World Wide Web Consortium (W3C) and the FIDO Alliance to provide passwordless, phishing-resistant authentication for web applications . Its primary goal is to replace traditional password-based logins with stronger, more secure methods using public key cryptography.

Key features and how it works:

Passwordless Authentication: Instead of passwords, users authenticate with something they have (like a device or security key) and something they are (such as biometrics or a PIN).
Public Key Cryptography: When a user registers with a website, a unique public-private key pair is generated. The private key stays securely on the user’s device, while the public key is stored on the server .
Authentication Process: To log in, the server sends a challenge to the browser, which is signed using the private key on the user’s device after the user proves their identity (e.g., fingerprint, facial recognition, PIN). The signed challenge is returned to the server, which verifies it using the stored public key .
Phishing Resistance: Credentials are scoped to a specific website and cannot be used elsewhere, making it highly resistant to phishing and credential theft .
Device Flexibility: WebAuthn supports both platform authenticators (built-in, like a laptop’s fingerprint reader) and roaming authenticators (external, like USB security keys or smartphones).
Widespread Support: Supported by all major browsers (Chrome, Firefox, Edge, Safari) and operating systems, and adopted by leading services such as Google, Microsoft, and Facebook .

Glossary: Client to Authenticator Protocol
The Client to Authenticator Protocol (CTAP) is a standardized protocol developed by the FIDO Alliance that enables secure communication between a client device (such as a browser, operating system, or application) and an external authenticator (like a hardware security key, smartphone, or biometric device) over channels such as USB, NFC, or Bluetooth Low Energy (BLE).
Glossary: FIDO2
FIDO2 is an open authentication standard developed by the FIDO (Fast Identity Online) Alliance to enable passwordless, phishing-resistant user authentication for online services across both desktop and mobile environments. Its primary goal is to eliminate the need for traditional passwords, which are vulnerable to phishing, credential theft, and other common cyberattacks.
WebAuthn PRF Encryption: Passkeys and WebAuthn – the next frontier for secure file encryption.
The evolution of passkeys and WebAuthn is not only advancing passwordless authentication—it is also unlocking new capabilities in the realm of data security. Among the most significant recent developments is the ability to use passkeys, in conjunction with the WebAuthn PRF (Pseudo-Random Function) extension, to securely encrypt and decrypt files. This represents a powerful new use case for passkeys, offering users phishing-resistant, hardware-backed, and password-free file encryption.
A novel phishing technique uses QR codes presented during MFA authentication to bypass FIDO-based protections.
Security researchers have identified a novel phishing technique that leverages QR codes presented during simulated multifactor authentication (MFA) processes to bypass FIDO-based protections. The method exploits legitimate cross-device sign-in flows — without compromising the underlying FIDO standard — by manipulating user behavior and undermining core assumptions of phishing-resistant authentication.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Related