W3C home > Mailing lists > Public > public-rqtf@w3.org > February 2022

Progress on "Kill Captcha": Wabauthn test page at cloudflarechallenge.com

From: Lionel Wolberger <lionel@userway.org>
Date: Fri, 25 Feb 2022 15:06:32 +0200
Message-ID: <CAHOHNHfwrhv_D0ekSUMdY7xMxWN8tiqcfF=Z_w5o0LTwTKz=sg@mail.gmail.com>
To: Janina Sajka <janina@rednote.net>, public-rqtf@w3.org
*The text below was posted to Issue #23 (*
https://github.com/w3c/captcha-accessibility/issues/23*) and is shared here
for convenience and broader discussion.*

Janina and I investigated the use of WebAuthn to establish personhood via a
known to be reliable authentication device, here is some progress.

I read the Cloudflare proposal and did the test. It worked very smoothly on
my iPhone using FaceID without any preliminary registration. This is huge
step forward from the first versions which seemed to indicate that users
would need a hardware key e.g. Yubico.

You can try the test here
https://cloudflarechallenge.com/

============

Some useful sources for the above:

Webauthn Level 2 (which seems to incorporate Level 1)
https://www.w3.org/TR/webauthn-2/

Cloudflare's readable overview of the issues and their approach
https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/
By Thibault Meunier

Cloudflare's list of common hardware authentication devices: Apple Face ID
and Touch ID, Microsoft Windows Hello, Google Android Biometric
Authentication.
https://blog.cloudflare.com/cap-expands-support/
By Wesley Evans and Tara Whalen

A technical review of the standard
https://support.cloudflare.com/hc/en-us/articles/200170136-Understanding-Cloudflare-Captchas-Managed-Challenge-and-Challenge-Passage


Lionel Wolberger
COO, UserWay Inc.
lionel@userway.org
UserWay.org <http://userway.org/>
<https://userway.org>[image: text]
Received on Friday, 25 February 2022 13:07:22 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 17 January 2023 20:26:49 UTC