1. Authenticator Firefox

Firefox has started rolling out two-factor authentication, and if you use the browser to store any passwords you should enable it now. Advertisement Chrome/Firefox Extension of the Week: Flash. Passwords can be forgotten, stolen, or compromised. With Authenticator, your phone provides an extra layer of security on top of your PIN or fingerprint. Get to your apps faster Use Authenticator to sign-in to Outlook, OneDrive, Office, and more.

Firefox 66, being released this week, supports using the Windows Hello feature for Web Authentication on Windows 10, enabling a passwordless experience on the web that is hassle-free and more secure. Firefox has supported Web Authentication for all desktop platforms since version 60, but Windows 10 marks our first platform to support the new FIDO2 “passwordless” capabilities for Web Authentication.

As of today, Firefox users on the Windows Insider Program’s fast ring can use any authentication mechanism supported by Windows for websites via Firefox. That includes face or fingerprint biometrics, and a wide range of external security keys via the CTAP2 protocol from FIDO2, as well as existing deployed CTAP1 FIDO U2F-style security keys. Try it out and give us feedback on your experience.

For the rest of Firefox users on Windows 10, the upcoming update this spring will enable this automatically.

Akshay Kumar from Microsoft’s Windows Security Team contributed this support to Firefox. We thank him for making this feature happen, and the Windows team for ensuring that all the Web Authentication features of Windows Hello were available to Firefox users.

For Firefox users running older versions of Windows, Web Authentication will continue to use our Rust-implemented CTAP1 protocol support for U2F-style USB security keys. We will continue work toward providing CTAP2/FIDO2 support on all of our other platforms, including older versions of Windows.

For Firefox ESR users, this Windows Hello support is currently planned for ESR 60.0.7, being released mid-May.

If you haven’t used Web Authentication yet, adoption by major websites is underway. You can try it out at a variety of demo sites: https://webauthn.org/, https://webauthn.io/, https://webauthn.me/, https://webauthndemo.appspot.com/, or learn more about it on MDN.

If you want to try the Windows Hello support in Firefox 66 on Windows 10 before the April 2019 update is released, you can do so via the Windows Insider program. You’ll need to use the “fast” ring of updates.

Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The AuthenticatorAttestationResponse interface of the Web Authentication API is returned by CredentialsContainer.create() when a PublicKeyCredential is passed, and provides a cryptographic root of trust for the new key pair that has been generated. This response should be sent to the relying party's server to complete the creation of the credential.

This interface inherites from AuthenticatorResponse.

Note: This interface is restricted to top-level contexts. Use from within an <iframe> element will not have any effect.

Properties

Methods

Examples

Specifications

Specification	Status	Comment
Web Authentication: An API for accessing Public Key Credentials Level 1 The definition of 'AuthenticatorAttestationResponse interface' in that specification.	Recommendation	Initial definition.

Browser compatibility

BCD tables only load in the browser

See also

Authenticator Firefox

• AuthenticatorAssertionResponse: the interface for the type of response given when retrieving an existing credential
• AuthenticatorResponse: the parent interface