Yubico has released a brief explainer for developers who are interested in its Yubico WebAuthn Starter Kit. The Kit is now available in early access and is designed to make the transition to a passwordless authentication environment as smooth as possible.
To that end, the Starter Kit comes with documentation that explains the logic behind WebAuthn, as well as ready-to-run code that can be immediately deployed to enable the use of YubiKeys on any Amazon Web Services (AWS) account. The goal is to provide developers with practical step-by-step instructions for the actual implementation, while making sure that they understand why they are taking each of those steps.
In doing so, Yubico is hoping to eliminate the most common pain points for organizations looking to migrate to a passwordless authentication environment. The Starter Kit uses a dynamic, identity-based flow that will automatically direct users to the strongest authentication option available on their device or browser, whether it is device biometrics or a security key like a YubiKey. The environment itself is designed to mimic the password-based flows that developers are already familiar with, and will still support the use of passwords for those who cannot make the switch or are not ready to do so.
The Starter Kit can be used with a free AWS account, and is based on the AWS Serverless Application Model. To give customers a better sense of what they can do, the Kit comes with a sample web client in addition to the AWS-hosted server needed to run the solution.
According to Yubico, the Kit will give architects the theoretical background they need to design high-level systems, while simultaneously giving user-facing developers the tools they need to deploy new authentication options and enable key features like account recovery. It also shows backend developers how to manage large numbers of user credentials.
Yubico is trying to encourage the adoption of WebAuthn as a new global security standard. The company recently proposed a new WebAuthn protocol that will make it easier to create backup security keys, while AWS brought native WebAuthn support to its Single Sign-On solution.