- Ama-passkey asekelwe ku-FIDO2 avumela ukungena ngemvume ku- WindowsI-ID Yokungena ye-Microsoft, -Google kanye nezinye izinsizakalo ezisebenzisa ifoni ephathekayo njengesiqinisekisi esiphephile.
- I-Windows 10/11 kanye neziphequluli ezinkulu zisekela i-FIDO2/WebAuthn, ngezinketho zokuqinisekisa kudivayisi efanayo noma phakathi kwamadivayisi asebenzisa ikhodi ye-QR kanye ne-Bluetooth.
- Kungenzeka ukuhlanganisa ukusetshenziswa kwamafoni eselula, okhiye bokuphepha abangokoqobo, kanye nabaqinisekisi beplatifomu (i-Windows Hello, i-Touch ID, njll.) ukuze kufezwe indawo engenaphasiwedi ngempela.
- Izinhlangano zingaphatha izinqubomgomo ze-FIDO2 kusukela ku-Microsoft Entra kanye ne-Microsoft Graph, zikhawulele ama-AAGUID athile, futhi zisebenzise i-MFA engamelani nobugebengu bokweba imininingwane ebucayi.
Uma ukhathele ukulwa amaphasiwedi angenakwenzeka, ukuqinisekiswa kwe-SMS, namakhodi aphelelwa yisikhathi ngemizuzwana engama-30Ukusebenzisa ifoni yakho ephathekayo njengesiqinisekisi se-FIDO2 ukuze ungene ku-Windows kanye nezinhlelo zakho zokusebenza zenkampani, empeleni, kuyishintsha kakhulu. Umqondo ulula: ifoni yakho iba ukhiye wakho wokuphepha, futhi udinga ukuyivula kuphela ngomunwe wakho, ubuso, noma i-PIN ukuze ufakazele ukuthi nguwe.
Eminyakeni yamuva nje, izinkampani ezinkulu ezifana neMicrosoft, Google, Apple, kanye nabahlinzeki bezokuphepha abaningi batshale imali ku- I-FIDO2 kanye nama-passkey njengezindlela zangempela zokufaka esikhundleni samaphasiwediLobu buchwepheshe abuseyona into yokuhlola: busebenza ku-Windows 10/11. Android, iOSi-macOS, i-ChromeOS, kanye neziphequluli ezidumile kakhulu. Futhi, okusithakazelisayo lapha, kukuvumela ukuthi usebenzise idivayisi yakho yeselula njengesiqinisekisi se-FIDO2 kokubili ukufinyelela izinsiza zamafu kanye nezikhathi ze-Windows eziphethwe yinhlangano yakho.
Iyini i-FIDO2, ama-passkey, futhi kungani ifoni yakho ephathekayo ingaba yi-authenticator?
Uma sikhuluma ngokusebenzisa ifoni ephathekayo njengesiqinisekisi se-Windows, empeleni sikhuluma sebenzisa amazinga e-FIDO2 kanye nama-passkey (okhiye bokufinyelela)I-FIDO imele i-Fast Identity Online, inhlangano yezinkampani ezichithe iminyaka eminingi ziklama izindlela zokuqinisekisa ngaphandle kokuthembela kumaphasiwedi abuthakathaka futhi asetshenziswe kabusha.
I-FIDO2 iyindinganiso yesimanje ehlanganisa izingxenye ezimbili ezibalulekile: I-WebAuthn (kusukela ku-W3C, ingxenye yesiphequluli kanye ne- Izinhlelo zokusebenza) y I-CTAP2 (iphrothokholi exhumana nomgunyazi, njengefoni yakho noma ukhiye ongokoqobo)Ndawonye bavumela isevisi eku-inthanethi ukuthi ikucele ukuthi uqinisekise ngefoni yakho ephathekayo, i-Windows Hello, ukhiye we-FIDO2 USB/NFC, njll., esikhundleni sokukuphoqa ukuthi ukhumbule elinye iphasiwedi.
Kulo modeli, ifoni yakho ephathekayo ingasebenza njenge- isiqinisekisi se-FIDO sohlobo lwe-cross-platformIgcina ngokuphephile ukhiye wakho wangasese futhi ingasayina izinselelo ezithunyelwa kuyo yi-Windows, i-Microsoft Entra ID, i-Google, noma ezinye izinsizakalo. Uvula ifoni yakho ngendlela yakho evamile (iminwe, ubuso, i-PIN), bese idivayisi iphatha ingxenye ye-cryptographic.
Ngaphansi kwe-hood, i-FIDO2 isebenzisa i-cryptography yokhiye womphakathiIsikhathi ngasinye lapho ubhalisa ukhiye wokungena wesevisi ethile, kukhiqizwa ukhiye obhangqiwe: ukhiye oyimfihlo ugcinwa ku-authenticator (ifoni yakho ephathekayo, i-PC yakho, ukhiye ongokoqobo) futhi awulokothi uwushiye; ukhiye womphakathi uthunyelwa kusevisi futhi uhlotshaniswa ne-akhawunti yakho. Uma ungena futhi, iseva ikhipha inselelo yokuthi i-authenticator yakho isayine ngokhiye oyimfihlo, futhi iseva iqinisekisa lowo mqondiso ngokhiye womphakathi.
Umphumela ongokoqobo uwukuthi Awekho amaphasiwedi okufanele uwahlunge, awekho amakhodi asetshenziswa kanye kuphela okufanele uwavimbele, futhi awekho izimfihlo ezabiwe okufanele zintshontshwe kuseva.Uma othile ezama ukukugebenga, noma ngabe akuyisa kuwebhusayithi mbumbulu, inselele ye-cryptographic ngeke isebenze kukhiye wakho wangempela womphakathi, ngakho-ke ukuhlaselwa kuyaphela ngokwako.
Izinhlobo zabaqinisekisi be-FIDO2 kanye nendima yeselula
Kuhlelo lwe-FIDO2, izinhlobo ezimbili eziyinhloko zabaqinisekisi ziyahlukaniswa: ipulatifomu kanye ne-multiplatformUkuqonda lo mehluko kuzokusiza ukuthi ubone ukuthi iselula ifanelana kanjani uma sikhuluma ngezikhathi ze-Windows.
Isiqinisekisi seplatifomu yisona esiqinisekisayo Ihlanganiswe kudivayisi uqobo.Isibonelo, i-Windows Hello kwi-laptop enesifundi seminwe esihambisanayo noma ikhamera, i-Touch ID kwi-MacBook, noma inzwa yeminwe kwi-laptop yesimanje. Ingasetshenziswa kuphela kusuka kukhompyutha efanayo lapho ifakiwe khona futhi ayikwazi ukudluliselwa kwenye idivayisi.
Abaqinisekisi bezingxenyekazi eziningi yilabo Ungayisebenzisa kusuka kumadivayisi ahlukahlukene.Yilapho okhiye bokuphepha be-FIDO2 (i-YubiKey, i-SoloKey, i-Nitrokey, okhiye be-NFC/USB abajwayelekile) besebenza khona, futhi, okubaluleke kakhulu esihlokweni sethu, omakhalekhukhwini be-Android ne-iOS abasetshenziswa njengeziqinisekisi zangaphandle kwamanye amadivayisi.
Kuye ngezilungiselelo, ifoni yakho ephathekayo ingaziphatha ngezindlela ezimbili: njengoba isiqinisekisi seplatifomu (uma usebenzisa i-passkey ngqo kusiphequluli/uhlelo lokusebenza lweselula) noma njenge isiqinisekisi se-cross-platform (uma ifoni ephathekayo isetshenziswa ukungena kwenye idivayisi, isibonelo i-Windows PC, kusetshenziswa ikhodi ye-QR kanye ne-Bluetooth).
Ngaphandle kwamafoni eselula kanye nezihluthulelo ezingokoqobo, kunezinye iziqinisekisi zesofthiwe kanye hardware iyahambisana, njenge I-Windows Hello, i-Touch ID, i-Face ID, iziqinisekisi zeselula ezikhethekile, kanye nezinhlelo zokusebenza ezifana ne-Hideez Authenticator okwandisa izinketho eziningi zezindawo zebhizinisi ezixubile, lapho izinhlelo zokusebenza ze-FIDO2 zesimanje zihambisana khona nezinhlelo ezindala ezisekelwe kumaphasiwedi.
Ukuhambisana kwe-FIDO2 ku-Windows, iziphequluli, kanye nezinsizakalo
Ukuze idivayisi yeselula isebenze njengesiqinisekisi se-FIDO2 kumaseshini e-Windows, kubalulekile ukuthi Usekelo oluphelele lwe-FIDO2/WebAuthn: uhlelo lokusebenza, isiphequluli noma uhlelo lokusebenza, kanye nensizakalo yobunikaziNgenhlanhla, ukwesekwa kwamanje kubanzi kakhulu.
Ngasohlangothini lwesistimu yokusebenza, I-Windows 10 (inguqulo 1903 nakamuva) kanye Windows 11 Zisekela ngokwendabuko ukuqinisekiswa kwe-FIDO2, ikakhulukazi uma idivayisi ixhunywe ku-Microsoft Entra ID (eyayikade i-Azure AD) noma isizinda esihlanganisiwe. I-Windows Hello isebenza njengesiqinisekisi seplatifomu, futhi uhlelo lungasebenza nezinkinobho ze-FIDO2 USB/NFC kanye neziqinisekisi zeselula.
Ngokuqondene neziphequluli, I-Chrome, i-Edge, i-Firefox ne-Safari Bafake ukwesekwa kwe-WebAuthn kwezinguqulo eziningana, kokubili kudeskithophu kanye neselula. Lokhu kuvumela izinsizakalo ezifana ne-Microsoft Entra, i-Google, i-Bitwarden, kanye nabanye abaphathi bamaphasiwedi kanye nabahlinzeki be-SSO ukuthi baqalise ukugeleza kokuqinisekiswa kwe-FIDO2 ngqo kusuka kusiphequluli.
Ezingeni lesevisi, cishe yonke i-ecosystem ebalulekile namuhla isekela noma isebenzisa ama-passkey: I-Microsoft Entra ID, ama-Akhawunti e-Google, i-Google Workspace, abahlinzeki be-SSO bebhizinisi, abaphathi bamaphasiwedi njenge-Bitwarden, kanye namapulatifomu obunikazi njenge-Hideez Cloud IdentityNgayinye ihlanganisa i-FIDO2 ngendlela ehlukile kancane, kodwa umqondo oyinhloko uyafana: isiqinisekisi sakho (seselula, ukhiye noma i-Windows Hello) sisayina izinselelo esikhundleni sokufaka amaphasiwedi.
Ezindaweni zebhizinisi, ngaphezu kwalokho, I-Microsoft Entra ID ikuvumela ukuthi uphathe i-FIDO2 njengendlela yokuqinisekisa esemthethweniLokhu kuhilela ukusebenzisa izinqubomgomo ezithile ukuze kusebenze, ukukhawulela ama-AAGUID athile (amamodeli ayisihluthulelo noma abaqinisekisi), kanye nokuwasebenzisa ngaphansi kwezimo zokufinyelela ezinemibandela. Lokhu kubalulekile uma ufuna ukuvikela izinsiza ezibucayi futhi usebenzise i-MFA engamelani nobugebengu bokweba imininingwane ebucayi.
Ngena ngemvume ngama-passkey e-FIDO2 ku-Microsoft. Ngena ngemvume usebenzisa idivayisi yakho yeselula.
Isimo sokuqala esisebenzayo sokusebenzisa ifoni ephathekayo njengesiqinisekisi se-FIDO2 nge-Windows sivame ukuhilela I-ID ye-Microsoft Entrangoba amaseshini amaningi ebhizinisi e-Windows 10/11 axhunywe ku-Entra futhi asebenzisa lobo bunikazi ezinsizeni ezifana ne-Office, Teams, I-SharePoint kanye nezinhlelo zokusebenza zangaphakathi.
I-Entra isekela amamodeli amathathu amakhulu e-FIDO2 passkey kubasebenzisi: Izinkinobho zokufinyelela ezigcinwe kudivayisi yokungena uqobo, izinkinobho ezigcinwe kwenye idivayisi (njengefoni yakho yeselula), kanye nezinkinobho ezigcinwe kukhiye wokuphepha ongokoqobo.Zonke lezi zinhlobo zingahlanganiswa ngaphakathi kwenhlangano efanayo.
Uma i-passkey igcinwe kudivayisi efanayo (isibonelo, kwi-laptop ye-Windows ene-Windows Hello noma kufoni ephathekayo lapho une-Microsoft Authenticator kanye ne-passkey), ukuhamba kulula kakhulu: Uzulazula uye kumthombo (iHhovisi, iphothali yenkampani, njll.) bese ukhetha inketho yokuqinisekisa nge-Face, fingerprint, i-PIN noma ukhiye wokuphephaUhlelo luvula iwindi lokuphepha bese lukucela ukuthi uziveze usebenzisa indlela ehleliwe.
Uma i-passkey ikwenye idivayisi, njengefoni yakho ephathekayo, inqubo ihlanganisa ukuqinisekiswa phakathi kwamadivayisiKu-Windows 11 23H2 noma kamuva, isibonelo, uma ukhetha ukungena ngemvume ngokhiye wokuphepha, unikezwa inketho yokukhetha idivayisi yangaphandle njenge-“iPhone, iPad noma idivayisi ye-Android.” I-PC ibonisa ikhodi ye-QR, oyiskena ngekhamera yefoni yakho ephathekayo; bese ifoni icela i-biometrics noma i-PIN yakho, futhi, isebenzisa i-Bluetooth ne-inthanethi, izoqedela ukuqinisekiswa kukhompyutha ekude.
Kuzo zombili izimo, uma ukugeleza sekuqediwe, uqinisekiswa ngokumelene I-ID ye-Microsoft Entraokukuvumela ukuthi ufinyelele izinhlelo zakho zokusebenza zamafu futhi, ezindaweni ezihlanganiswe kahle, amaseshini e-Windows noma izinhlelo zokusebenza zedeskithophu ezincike kulolo lwazi.
Ukusetshenziswa okukhethekile kwe-Microsoft Authenticator ngama-passkey ku-Android naku-iOS
Enye yezindlela ezilula kakhulu zokusebenzisa ifoni yakho ephathekayo njengesiqinisekisi se-FIDO2 ezindaweni ze-Microsoft ukusebenzisa I-Microsoft Authenticator enokusekelwa kokhiye wokufinyelelaLolu hlelo lokusebenza lungasebenza njengesiqinisekisi se-FIDO2 kokubili kudivayisi efanayo (ukuqinisekiswa kwendawo) naphakathi kwamadivayisi (ukungena ngemvume kwi-PC ye-Windows noma kwenye ikhompyutha).
Ku-iOS, ungasebenzisa i-Authenticator njenge-platform authenticator ukuze ungene ngemvume ku-Microsoft. Faka i-ID yakho ku- isiphequluli saso iPhone noma i-iPad kanye nasezinhlelweni zokusebenza ze-Microsoft ezifana ne-OneDrive, i-SharePoint, noma i-Outlook. Uhlelo luzokukhombisa inketho ethi "Ubuso, izigxivizo zeminwe, i-PIN, noma ukhiye wokuphepha," futhi uma uwukhetha, uzocela i-Face ID, i-Touch ID, noma i-PIN yedivayisi yakho.
Ukuze kuqinisekiswe phakathi kwamadivayisi ku-iOS, inqubo yakudala yile: Kwenye ikhompyutha (isibonelo, umshini we-Windows 11), iya ekhasini lokungena ngemvume le-Microsoft. Ngena ngemvume, khetha ezinye izindlela zokungena ngemvume, khetha ukuqinisekiswa kokhiye wokuphepha, bese ukhetha idivayisi ye-iPhone/iPad/Android.Ngaleso sikhathi, ikhodi ye-QR iboniswa esikrinini se-PC.
Nge-iPhone yakho, uvula i- uhlelo lokusebenza lwekhamera yesistimu (hhayi ikhamera eyakhelwe ngaphakathi kwe-Authenticator, njengoba ingaqondi ikhodi ye-WebAuthn QR) bese iyikhomba kukhodi. I-iPhone inikeza inketho "yokungena ngemvume ngephasikhodi" futhi, ngemva kokuqinisekisa ubuwena bakho nge-Face ID, i-Touch ID, noma i-PIN, ifoni iqedela ukuqinisekiswa kwe-FIDO2 nge-PC isebenzisa i-Bluetooth kanye nokuxhumeka kwe-inthanethi.
Ku-Android, ukuziphatha kuyafana, yize kunezimo ezithile. Ukuqinisekisa idivayisi efanayo kusiphequluli kudinga I-Android 14 noma kamuva Ukuze usebenzise i-Authenticator njengesitolo se-passkey efonini yakho, iya kuwebhusayithi ethi My Security Info, khetha izinketho zokungena ngemvume, bese ukhetha ubuso, izigxivizo zeminwe, i-PIN, noma ukhiye wokuphepha. Uma une-passkey eziningi ezigciniwe, uhlelo luzokucela ukuthi ukhethe ukuthi iyiphi ofuna ukuyisebenzisa.
Ukuze uqinisekise phakathi kwamadivayisi ku-Android, ulandela iphethini efanayo ku-PC yakho: Iya ku-Enter, khetha ukhiye wokuphepha, khetha idivayisi ye-AndroidIdivayisi ekude ibonisa ikhodi ye-QR, ongayiskena ngekhamera yesistimu noma kusukela kuhlelo lokusebenza lwe-Authenticator uqobo, ngokufaka i-akhawunti yekhiye yokufinyelela nokusebenzisa inkinobho yokuskena ikhodi ye-QR ebonakala emininingwaneni yekhiye yokudlula.
Kuzo zonke lezi zimo kubalulekile ukuba Ukuxhumeka kwe-Bluetooth ne-inthanethi kuyasebenza kuwo womabili amadivayisiUma inhlangano inezinqubomgomo ze-Bluetooth ezikhawulelwe, umlawuli angadinga ukumisa okuhlukile ukuze avumele ukubhanqa kuphela nabaqinisekisi abasebenzisa ukhiye wokudlula we-FIDO2.
Ezinye izimo zokusetshenziswa kwe-FIDO2: i-Google, i-Bitwarden, kanye ne-enterprise SSO
Ngaphandle kweMicrosoft neWindows, umqondo wokusebenzisa ifoni ephathekayo njengesiqinisekisi se-FIDO2 uhambisana kahle ne- Ama-Google Passkeys, abaphathi bephasiwedi be-FIDO2, kanye nezixazululo ze-SSO zebhizinisiKonke kuyasiza ekwenzeni ifoni yakho ephathekayo ibe yingqikithi yobuwena bakho bedijithali.
Ku-Google, ungakha okhiye bokufinyelela be-akhawunti yakho yomuntu siqu noma ye-Workspace bese usebenzisa el indlela yokuvula isikrini seselula (izigxivizo zeminwe, ubuso, iphinikhodi) njengesici esiyinhloko. Uma i-passkey isisethiwe efonini yakho ye-Android noma i-iPhone, ungangena ngemvume ku-akhawunti yakho ye-Google kwi-PC usebenzisa ukugeleza kokuthi "Zama enye indlela" / "Sebenzisa ukhiye wakho wokufinyelela" bese uskena ikhodi ye-QR evela kusiphequluli sekhompyutha.
Okuhlangenwe nakho kuyafana: i-PC ibonisa ikhodi ye-QR, uyiskena ngekhamera yefoni noma isikena esakhelwe ngaphakathi, bese ifoni ikunxusa ukuthi uyivule. Ngemva kokuqinisekisa i-biometrics noma i-PIN yakho, Umakhalekhukhwini usayina inselelo ye-FIDO2 bese i-PC ithola ukufinyelela ku-akhawunti yakhoNgemva kwalokho, i-Google ingase iphakamise ukudala ukhiye wokungena wendawo kukhompyutha yakho, kodwa lokho kuyinto ongayikhetha.
I-Bitwarden, ngakolunye uhlangothi, ivumela ukuvumela ukungena ngemvume okuzinyathelo ezimbili nge-FIDO2 WebAuthn kuzinhlelo zayo zokusebenza. Ungabhalisa okhiye bokuphepha abaqinisekisiwe yi-FIDO2, kodwa futhi usebenzise abaqinisekisi bomdabu njenge-Windows Hello noma i-Touch ID. Kumadivayisi eselula, kungenzeka ukusebenzisa okhiye abanikwe amandla yi-NFC (njenge-YubiKey NFC) ngokuwasondeza eduze nendawo yokufunda yocingo; ngezinye izikhathi kufanele "uqondise" ngokucophelela ngoba indawo yomfundi we-NFC iyahlukahluka kuye ngemodeli.
Ebhizinisini, amapulatifomu afana nalawa Ubunikazi befu le-Hideez Bahlanganisa ama-passkey e-FIDO2 avumelanisiwe (lawo ongase ube nawo ku-Google noma ku-iCloud) nama-authenticator abo eselula ngokusekelwe kumakhodi e-QR ashintshashintshayo. Indlela yokusebenza evamile imi kanje: ukuze ungene ngemvume kwi-PC, uvula uhlelo lokusebenza efonini yakho, uskene ikhodi ye-QR eboniswa esikrinini sekhompyutha, bese ugunyaza ukungena kusuka kudivayisi yakho yeselula, esebenza njengomqinisekisi ophephile.
Le ndlela iwusizo kakhulu uma unenhlanganisela ye Izinhlelo zokusebenza zesimanje ziyahambisana ne-FIDO2 kanye nezinhlelo zakudala ezisathembele kugama lomsebenzisi nephasiwediEzinye izinkinobho zehadiwe kanye nezixazululo zobunikazi zivumela ngisho nokhiye ofanayo ukuthi usebenze njengesiqinisekisi se-FIDO2 sezinsizakalo ezintsha kanye umphathi wephasiwedi ukubethela kwezinhlelo zokusebenza ezindala.
Nika amandla ama-FIDO2/ama-passkey ezinhlanganweni nge-Microsoft Login
Uma umgomo wakho ukuvumela abasebenzisi ukuthi basebenzise amadivayisi abo eselula njengesiqinisekisi se-FIDO2 kumaseshini e-Windows kanye nezinhlelo zokusebenza zenkampani, indlela eya phambili ihilela Sebenzisa ngokusemthethweni indlela ye-FIDO2 ku-Microsoft Entra ID futhi uchaze ukuthi yiziphi izinhlobo zabagunyazisi ezivunyelwe.
Kusukela esikhungweni sokuphatha se-Microsoft Entra, umphathi wenqubomgomo yokuqinisekisa angaya ku-Entra ID → Izindlela zokuqinisekisa → Izinqubomgomo bese ethola indlela ethi “ukhiye wokuphepha (i-FIDO2)Lapho ungayivumela emhlabeni wonke noma emaqenjini athile okuphepha, ulungiselele ukuthi ukubhaliswa kokuzisiza kuvunyelwe yini, bese unquma ukuthi ingabe ukuqinisekiswa kwedivayisi kuyadingeka.
Inketho yokufakaza ivumela kuphela okulandelayo ukuthi kwamukelwe: Okhiye be-FIDO2 kanye nabaqinisekisi abavela kubahlinzeki abasemthethweniNjengoba umenzi ngamunye eshicilela i-AAGUID (Authenticator Attestation GUID) ekhomba uhlobo kanye nemodeli, "inqubomgomo yokuvimbela ukhiye" ingasetshenziswa ukugunyaza ama-AAGUID athile kuphela nokuvimba okunye. Lokhu kuwusizo kakhulu uma ufuna ukuba neqoqo lezikhiye ezilawulwayo noma abaqinisekisi beselula bezinkampani.
Ukuze uthole izimo ezithuthukisiwe, iMicrosoft inikeza I-Microsoft Graph API yokuphatha i-FIDO2Ngokusebenzisa i-authenticationMethodsPolicy FIDO2 endpoint yokucushwa, ungenza ngokuzenzakalelayo ukudalwa kweziqinisekiso, uqinisekise ama-AAGUID athile, noma unikeze okhiye bokuphepha be-FIDO2 egameni labasebenzisi (inguqulo yokubuka kuqala), usebenzisa i-CTAP kanye ne-creationOptions ezibuyiselwe yi-Entra.
Uma indlela ye-FIDO2 isilungiselelwe kahle, ungakha amandla okuqinisekisa asekelwe kukhiye wokudlula futhi uzisebenzise ezinqubweni zokufinyelela ezinemibandela. Isibonelo, setha umthetho odinga ukuqinisekiswa ngokhiye wokufinyelela we-FIDO2 (futhi ngokuzikhethela ukhawulele ku-AAGUID eyodwa noma ngaphezulu yama-authenticator eselula noma okhiye abathile) ukuze ufinyelele izinhlelo zokusebenza ezibalulekile noma izikhathi zedeskithophu ezikude.
Izimo zokulungisa nazo ziyacatshangelwa: Ukususa ama-passkey abasebenzisi esikhungweni sokuphathaIzinguquko ze-UPN (lapho umsebenzisi kumele asuse ukhiye wakhe omdala we-FIDO2 bese ebhalisa omusha) kanye nemikhawulo efana nokuntuleka kwamanje kokusekelwa kwabasebenzisi bezivakashi ze-B2B ukubhalisa iziqinisekiso ze-FIDO2 ngqo kumqashi wezinsiza.
Lungiselela futhi usebenzise okhiye bokuphepha be-FIDO2 ngefoni yakho ephathekayo
Nakuba ukugxila kwalombhalo kuyiselula njengesiqinisekisi, ezindaweni eziningi kunengqondo ukuyihlanganisa Okhiye bokuphepha abangokoqobo be-FIDO2ikakhulukazi kubaphathi, abasebenzi abanokufinyelela okubalulekile, noma abasebenzisi abadinga indlela yesibili eqinile.
Ukusetha kuvame ukuqala kusuka kuma-portal okuphepha kwama-akhawunti, isibonelo ku- https://aka.ms/mfasetup noma emakhasini e-Microsoft athi "Ulwazi Lwami Lokuphepha". Lapho ukhetha "Ukhiye Wokuphepha," bese ukhetha ukuthi ngabe USB noma i-NFC, bese ulandela i-wizard, ehlukahluka kuye ngesistimu yokusebenza kanye nohlobo lwenkinobho. Ekugcineni, igama linikezwa inkinobho ukuze ihlonzwe esikhathini esizayo.
Uma isibhalisiwe, ukhiye ungasetshenziswa kusukela iziphequluli ezisekelwayo (i-Edge, i-Chrome, i-Firefox) noma ngisho nokungena kumakhompyutha e-Windows 10/11 anikezwe futhi ahlelwe yinhlangano. Ngaphezu kwalokho, izinhlelo ezifana ne-RSA zinikeza izinsiza ezithile (i-RSA Security Key Utility) ukuphatha i-PIN yesihluthulelo, ukuyishintsha, ukusetha kabusha idivayisi, nokuyihlanganisa nemikhiqizo yokuqinisekisa yenkampani efana ne-SecurID.
Ngokwe-FIDO2, okhiye behadiwe bamane nje bangolunye uhlobo lwe-cross-platform authenticator. Idivayisi yakho yeselula ingayisebenzisa ngesikhathi esisodwa. Ungaba nama-passkey avumelanisiwe kudivayisi yakho yeselula, okhiye abangokoqobo bokusetshenziswa okubalulekile, kanye nabaqinisekisi beplatifomu njenge-Windows Hello kumakhompyutha akho omsebenzi.Uma unezindlela eziqinile nezilawulwa kahle, kulapho uzoncika khona kancane kumaphasiwedi abuthakathaka.
Kunoma ikuphi, kungakhathaliseki ukuthi usebenzisa okhiye abangokoqobo noma abaphathwayo, kunconywa ukuthi umphathi achaze izinqubomgomo ezicacile zokwengeza, ukususa, kanye nokufaka esikhundleni sabaqinisekisikanye nezinqubo okufanele zilandelwe uma kwenzeka ukulahleka noma ukwebiwa kwedivayisi (hoxisa i-passkey ehlobene nayo, buyekeza ukufinyelela kwakamuva, phoqelela i-MFA ekungeneni okulandelayo, njll.).
Izinzuzo zangempela kanye nemikhawulo yokusebenzisa i-FIDO2 ngefoni yakho ephathekayo
Ukuthuthukiswa okucacile kokubili ekuphepheni nasekusebenzisekeni Uma usebenzisa ifoni ephathekayo njengesiqinisekisi se-FIDO2 sezikhathi ze-Windows kanye nezinsizakalo ezihlobene, yize kukhona nokushiyeka kanye nezici okufanele zaziwe.
Inzuzo eyinhloko ukuthi Ukuqinisekiswa kuyamelana nokuhlaselwa kobugebengu bokweba imininingwane ebucayi kanye nokwebiwa kweziqinisekisoNjengoba ukhiye wangasese ungaphumi efonini futhi usetshenziselwa kuphela ukusayina izinselelo ze-cryptographic, umhlaseli akakwazi "ukweba" iphasiwedi yakho ngoba ayikho. Ngisho noma isevisi iphulwa, okuveziwe yizikhiye zomphakathi, ezingasizi ngalutho ngaphandle komgunyazi ongokoqobo.
Enye inzuzo ebalulekile ulwazi lomsebenzisi: Ukuvula ifoni yakho ngomunwe wakho noma ngobuso kuyashesha kakhulu futhi kungokwemvelo. kunokubhala amaphasiwedi amade, ukuphatha ama-OTP nge-SMS, noma ukukhumbula izimpendulo zemibuzo yokuphepha. Ezimweni eziningi, futhi kuqeda isidingo sesendlalelo sesibili se-MFA yendabuko, njengoba i-FIDO2 ngokwayo ihlangabezana nezidingo ze-MFA eqinile, engamelani nobugebengu bokweba imininingwane ebucayi.
Ezingeni lokulawula, ukwamukela i-FIDO2 kusiza izinhlangano ukuthi vumelana nemithetho efana ne-GDPR, i-HIPAA, i-PSD2 noma i-NIS2Futhi ngeziqondiso ezivela ku-NIST noma ku-CISA ezincoma i-MFA engamelani nobugebengu bokweba imininingwane ebucayi, akulona iphutha ukuthi ohulumeni nezinkampani ezinkulu baphendukela ezixazululweni ze-FIDO ngaphakathi kohlaka lwamasu okungethembi nhlobo.
Ngasohlangothini lwemikhawulo, enye yezinkinga ezicacile kakhulu yi- ifa lobuchwephesheIzinhlelo zokusebenza eziningi, ama-VPN amadala, amadeskithophu athile akude, noma izinhlelo zangaphakathi azisekeli i-FIDO2 noma i-SSO yesimanje. Kulokhu, usazodinga amaphasiwedi noma ama-authenticator endabuko, yize ungasonga okunye kokufinyelela nge-IdP yesimanje edlulisela i-FIDO2 ngaphandle.
Ngaphezu kwalokho, ezinkonzweni eziningi kusekhona Iphasiwedi ayinyamalali ngokupheleleNgokuvamile kugcinwa njengendlela yokutakula uma ulahlekelwa yiwo wonke ama-passkey akho, okusho ukuthi, uma ungaphathwa kahle, kusekhona "uhlelo B" olungaphephile kangako. Imboni iya kumamodeli lapho ungathembela khona kuphela kuma-passkey, kodwa okwamanje, usazobona amaphasiwedi yonke indawo.
Enye i-nuance ebalulekile umehluko phakathi Ama-passkey nama-passkey avumelanisiwe axhunywe kudivayisiEyokuqala iphindaphindwa ngezinsizakalo zamafu (njenge-iCloud Keychain noma i-Google Password Manager), okuthuthukisa ukusebenziseka kalula kodwa okwenza kube nzima ukulawula izinkampani; eyokugcina ihlala ixhunywe kwihadiwe eyodwa (iselula yenkampani, ukhiye ongokoqobo), enikeza ukulawula okwengeziwe ku-IT ngezindleko zokusebenziseka kalula komsebenzisi.
Kubasebenzisi abaningi kanye namabhizinisi, ukusebenzisa idivayisi yeselula njengesiqinisekisi se-FIDO2 sezikhathi ze-Windows kanye nokufinyelela izinsiza zamafu kuyindlela enengqondo kakhulu yokwenza kanjalo. gxuma ku-bandwagon yokuqinisekisa engenaphasiwediIhlanganisa ukuphepha kwe-cryptography yokhiye womphakathi kanye nokulula kokuvula ifoni osuvele uyiphethe, ihlangana ne-Windows 10/11, i-Microsoft Entra, i-Google kanye nezinye izinsizakalo zesimanje, futhi ikuvumela ukuthi uphile ngezihluthulelo ezibonakalayo nezinhlelo ezindala ngenkathi ushintshela ezweni lapho amaphasiwedi eba yinto ebaluleke kakhulu.
Umbhali oshisekayo ngomhlaba wamabhayithi nobuchwepheshe ngokujwayelekile. Ngiyathanda ukwabelana ngolwazi lwami ngokubhala, futhi yilokho engizokwenza kule bhulogi, ngikubonise zonke izinto ezithakazelisayo kakhulu ngamagajethi, isofthiwe, ihadiwe, izitayela zobuchwepheshe, nokuningi. Inhloso yami ukukusiza ukuthi uzulazule emhlabeni wedijithali ngendlela elula nejabulisayo.