Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Multifactor_Authentication_Cheat_Sheet.md #1248

Merged
merged 2 commits into from
Dec 6, 2023
Merged

Update Multifactor_Authentication_Cheat_Sheet.md #1248

merged 2 commits into from
Dec 6, 2023

Conversation

Brianthered
Copy link
Contributor

Updated biometric information, as it has become commonly available through webauthn. I think it would make sense to add a cheatsheet on webauthn, but I didn't want to be presumptive.

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

🚩 If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

  • In case of a new Cheat Sheet, you have used the Cheat Sheet template.
  • All the markdown files do not raise any validation policy violation, see the policy.
  • All the markdown files follow these format rules.
  • All your assets are stored in the assets folder.
  • All the images used are in the PNG format.
  • Any references to websites have been formatted as [TEXT](URL)
  • You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
  • The CI build of your PR pass, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line:

This PR covers issue #.

Thank you again for your contribution 😃

@Brianthered
Update Multifactor_Authentication_Cheat_Sheet.md
4700eb9 
Updated biometric information, as it has become commonly available through webauthn.  I think it would make sense to add a cheatsheet on webauthn, but I didn't want to be presumptive.
szh
szh requested changes Dec 5, 2023
View reviewed changes
Copy link
Collaborator

@szh szh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution!
I agree that this should be updated. But I'm not sure biometrics and webauthn should be used interchangeably. WebAuthn supports many factors that aren't biometric. If we're going to update this, which I think we should, we need to be clear to avoid any confusion.

@Brianthered
Update Multifactor_Authentication_Cheat_Sheet.md
b1815c6 
Removed webauthn reference.  Probably should have a webauthn page that could cover biometrics and webauthn and their relationship.
@jmanico
Copy link
Member

jmanico commented Dec 6, 2023

Good fix, pushing this live

@jmanico jmanico merged commit a082c93 into OWASP:master Dec 6, 2023
3 checks passed
@Brianthered
Copy link
Contributor Author

Brianthered commented Dec 6, 2023 via email

@Brianthered Brianthered deleted the patch-1 branch December 9, 2023 00:09
shoeper
shoeper reviewed Jan 11, 2024
View reviewed changes
cheatsheets/Multifactor_Authentication_Cheat_Sheet.md
@@ -282,7 +282,7 @@ Email verification requires that the user enters a code or clicks a link sent to

## Something You Are

The final factor in the traditional view of MFA is something you are - which is one of the physical attributes of the users (often called biometrics). Biometrics are rarely used in web applications due to the requirement for users to have specific hardware.
The final factor in the traditional view of MFA is something you are - which is one of the physical attributes of the users (often called biometrics). Biometrics has been rarely used in web pages due to the requirement for users to have specific hardware. Most modern apps which require secure authentication have an option to use biometrics, particularly if the interfaces is already designed for a smart phone or tablet.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoeper shoeper shoeper left review comments

@szh szh szh requested changes

@jmanico jmanico jmanico approved these changes

@mackowski mackowski Awaiting requested review from mackowski

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Brianthered @jmanico @szh @shoeper