WebAuthn/FIDOのUX徹底解説 ~実サービスへの導入イメージを添えて~ / builderscon tokyo 2019 ritou

Transcript

1. WebAuthn/FIDOͷUXపఈղઆ ~࣮αʔϏε΁ͷಋೖΠϝʔδΛఴ͑ͯ~ ͍ͱ͏
   Γΐ͏
   !SJUPV
   
   CVJMEFSTDPO
   UPLZP
   

2. ͍ͱ͏Γΐ͏ • (ג)ϛΫγΟ ΤϯδχΞ - Identity / Platform / Payment?

   • OpenID ϑΝ΢ϯσʔγϣϯɾδϟύϯ ΤόϯδΣϦετ • Blog : ritou.hatenablog.com • Twitter : @ritou (ळాͷೣ) • ˌidcon, #iddance !2

3. WebAuthnؔ࿈ͷൃද !3 https://speakerdeck.com/ritou

4. ຊ୊ͷલʹ • ࠓ࢖ΘΕ͍ͯΔϢʔβʔೝূ • FIDO/WebAuthn֓ཁ !4

5. ύεϫʔυೝূ • ஌ࣝ৘ใ (SYK:Something You Know) Λར༻ • ཁ͕݅ຬͨ͞ΕΔͳΒ͹ࢸߴͷೝূํࣜ •

   Ϣʔβʔ • αʔϏε !5

6. ύεϫʔυೝূʹ͓͚Δཁ݅ • Ϣʔβʔ • ਪଌෆՄೳͳจࣈྻΛੜ੒ • αʔϏεຖʹҟͳΔจࣈྻΛ؅ཧ • ֘౰αʔϏεʹͷΈೖྗ !6

7. ύεϫʔυೝূͷݱঢ় • Ϣʔβʔ • ਪଌෆՄೳͳจࣈྻΛੜ੒ -> ؆୯ɺਪଌՄೳ • αʔϏεຖʹҟͳΔจࣈྻΛ؅ཧ ->

   ࢖͍ճ͠ • ֘౰αʔϏεʹͷΈೖྗ -> ॊೈͳରԠ !7

8. ύεϫʔυೝূʹ͓͚Δཁ݅ • αʔϏε • ਪଌෆՄೳͳจࣈྻΛڐ༰ • ύεϫʔυΛ҆શʹ؅ཧ • ༷ʑͳڴҖ΁ͷରࡦ !8

9. ύεϫʔυೝূͷݱঢ় • αʔϏε • ਪଌෆՄೳͳจࣈྻΛڐ༰ -> ӳ਺࠷େ8จࣈ • ύεϫʔυΛ҆શʹ؅ཧ ->

   ͦͷ··อଘ/࿙Ӯ • ༷ʑͳڴҖ΁ͷରࡦ -> Ϧετ߈ܸରࡦͳͲ !9

10. ύεϫʔυೝূͷݱঢ় • ͲͪΒ΋ཁ݅Λຬ͍ͨͯ͠ͳ͍ • ݪҼ͸ਓྨͷεϖοΫෆ଍(1೥ͿΓ2ճ໨) !10

11. ύεϫʔυೝূͷݱঢ় • Ϣʔβʔ͸ϋʔυ/ιϑτ΢ΣΞͷαϙʔτ͕ඞཁ • ύεϫʔυೖྗΦϖϨʔλͱͯ͠΋༏लͰ͸ͳ͍ • αʔϏεͷίετ΋όΧʹͳΒͳ͍ • Ϧετ߈ܸରࡦ͸Πλνͬ͜͝ʹʁ •

    ໌Δ͍ະདྷ͕ݟ͑ͳ͍ೝূํࣜɺ΍ΊͪΌ͑͹ʁ !11

12. ࣍ͷҰख • 2(ஈ֊|ཁૉ)ೝূͱݺ͹ΕΔ௥Ճೝূ • ϫϯλΠϜύεϫʔυ • खݩͷεϚϗ/σόΠεͰڐՄ !12

13. ϫϯλΠϜύεϫʔυೝূ • ϫϯλΠϜύεϫʔυΛར༻ • ϝʔϧ/SMSʹΑΓ഑ૹ • ιϑτ/ϋʔυ΢ΣΞͰੜ੒ • όοΫΞοϓίʔυ͔Β !13

14. ϫϯλΠϜύεϫʔυೝূͷΩϞ • ϫϯλΠϜύεϫʔυΛར༻ • ϝʔϧ/SMSʹΑΓ഑ૹ -> ௨৴࿏ͱૹड৴ • ιϑτ/ϋʔυ΢ΣΞͰੜ੒ ->

    伴ͷ؅ཧ • όοΫΞοϓίʔυ͔Β -> ίʔυҰཡͷ؅ཧ !14

15. ϫϯλΠϜύεϫʔυೝূͷΩϞ • ϫϯλΠϜύεϫʔυΛར༻ (※ࣗಈೖྗ΋͋Γ) • ϝʔϧ/SMSʹΑΓ഑ૹ -> Ϣʔβʔ͕ೖྗ • ιϑτ/ϋʔυ΢ΣΞͰੜ੒

    -> Ϣʔβʔ͕ೖྗ • όοΫΞοϓίʔυ͔Β -> Ϣʔβʔ͕ೖྗ !15

16. ϫϯλΠϜύεϫʔυͱ ϑΟογϯά߈ܸ !16 ϑΟογϯάϝʔϧɺ ϝοηʔδ ϑΟογϯάαΠτ ʢFYBNQMFJOGPʣ ਖ਼نͷαΠτ FYBNQMFDPN 
    *%ύεϫʔυ
    

    
    ϫϯλΠϜ
    ύεϫʔυ 
    औಘͨ͠
    *%ύεϫʔυ
    
    ϫϯλΠϜ
    ύεϫʔυ

17. खݩͷσόΠεͰڐՄ • खݩͷσόΠεʹ௨஌ • ϩοΫղআͱ૊Έ߹Θͤ • σόΠε΍ઐ༻ΞϓϦ΁ͷ ϓογϡͳͲͰ࣮ݱ !17

18. ௥ՃೝূͷޮՌ • ϫϯλΠϜύεϫʔυ • ϑΟογϯάαΠτ͕ಉظతʹਖ਼نͷαΠτʹΞΫ ηε͢ΔͱೝূΛಥഁ͞ΕΔՄೳੑ΋ • खݩͷσόΠεͰڐՄ • ͳΜͰ΋͔ΜͰ΋ڐՄͨ͠ΒNG

    • ϑΟογϯάαΠτ͕ಉظతʹਖ਼نͷαΠτʹΞΫ ηε͢Δͱؾ෇͔ͳ͍ͰڐՄͯ͠͠·͏Մೳੑ΋ !18

19. FIDO / WebAuthn ֓ཁ

20. FIDO(First IDentity Online) • ϩʔΧϧೝূΛར༻ • ύεϫʔυ΍ੜମ৘ใ͕௨৴࿏ΛྲྀΕͳ͍ • (ੜମೝূʹݶΒͣ)༷ʑͳೝূํࣜͱͷ૊Έ߹Θͤ ͕Մೳ

    • ެ։伴҉߸ํࣜΛ༻͍ͨ̎ͭͷػೳ • ొ࿥ : ॺ໊ͱެ։伴৘ใΛૹ৴ • ೝূ : ॺ໊Λૹ৴ !20

21. FIDOͷϢʔεέʔε !21 • ύεϫʔυϨεೝূͱͯ͠ (ॴ࣋+ϩʔΧϧೝূ) • ௥Ճೝূͱͯ͠ (ॴ࣋) • ࠶ೝূͷํ๏ͱͯ͠

22. FIDO2 Project • FIDO2 : WebΞϓϦέʔγϣϯ͔Β΋FIDO • WebAuthn (Web Authentication

    API) • FIDOΛར༻͢ΔαʔϏε͕ݺͼग़͢ JavaScript API • CTAP (Client To Authenticator Protocol) • ηΩϡϦςΟΩʔͱ΍ΓͱΓ͢ΔͨΊͷ࢓༷ • ϒϥ΢β͕࣮૷ !22

23. WebAuthn(WebAuthentication API) • 2019/3/4 W3Cקࠂ https://www.w3.org/TR/ webauthn/ • ఆٛ͞Ε͍ͯΔ2ͭͷAPI •

    navigator.credentials.create() : ొ࿥ • navigator.credentials.get() : ೝূ !23

24. WebAuthn - ొ৔ਓ෺ !24 • Relying Party : WebΞϓϦ •

    Authenticator : ηΩϡϦςΟΩʔɺσόΠε • Client : Webϒϥ΢β

25. WebAuthn - ొ৔ਓ෺ !25 IUUQTHJIZPKQEFWDPMVNOOFXZFBSXFCBVUIO QBHF

26. WebAuthn - ొ৔ਓ෺ !26 IUUQTHJIZPKQEFWDPMVNOOFXZFBSXFCBVUIO QBHF

27. WebAuthn - ొ࿥ϑϩʔ !27 1. ొ࿥༻ύϥϝʔλ࡞੒
 (RP৘ใ,Ϣʔβʔ৘ใ, ϩʔΧϧೝূͷ༗ແͳͲ) 3. Authenticator/Platform

    ͷػೳΛݺͼग़͢ 2. JS APIͷݺͼग़͠ 4.ϩʔΧϧೝূ 伴ϖΞੜ੒ ॺ໊࡞੒ 5. ৽͍͠ެ։伴ͱॺ໊ 6. JS API͔Βͷ໭Γ஋ 7.֤छݕূ ެ։伴ͷอଘ Authenticator (SecurityKey etc…) Client (ϒϥ΢β) Relying Party (αʔϏε)

28. ొ࿥༻ύϥϝʔλͷࢦఆྫ !28 • Attachment : Authenticatorͷछྨ • User Verification :

    ϩʔΧϧೝূͷཁٻ • Require ResidentKey : Ϣʔβʔ৘ใΛอଘ

29. Attachment : Undefined (macOS + Google Chrome) !29 Ϣʔβʔ͕ར༻͢Δ"VUIFOUJDBUJPSΛબ୒

30. Platform Authenticator (macOS + Google Chrome) !30

31. Cross-Platform Authenticator (macOS + Google Chrome) !31

32. Attachment : Undefined (Windows10 + MS Edge) !32 8JOEPXT
    )FMMP༏ઌ
    Ωϟϯηϧˠ$SPTT1MBUGPSN

33. ొ࿥༻ύϥϝʔλͷࢦఆྫ !33 • Attachment : Authenticatorͷछྨ • User Verification :

    ϩʔΧϧೝূͷཁٻ • Require ResidentKey : Ϣʔβʔ৘ใΛอଘ

34. AuthenticatorͱϩʔΧϧೝূ !34 '*%0
    ηΩϡϦςΟΩʔσόΠεʛ#JP1BTT
    '*%0
    c
    ඈఱδϟύϯ
 IUUQTGUTBGFDPKQQSPEVDUTGJEP

35. AuthenticatorͱϩʔΧϧೝূ !35 %JTDPWFS
    :VCJ,FZT
    c
    4USPOH
    5XP'BDUPS
    "VUIFOUJDBUJPO
    GPS
    4FDVSF
    -PHJO
    c
    :VCJDP
 IUUQTXXXZVCJDPDPNQSPEVDUTZVCJLFZIBSEXBSF

36. User Verification : Required (macOS + Google Chrome) !36 ϩʔΧϧೝূͷͳ͍σόΠεͰ΋1*/ͷར༻͕Մೳ

37. User Verification : Required (Windows10 + MS Edge) !37

38. ొ࿥༻ύϥϝʔλͷࢦఆྫ !38 • Attachment : Authenticatorͷछྨ • User Verification :

    ϩʔΧϧೝূͷཁٻ • Require ResidentKey : Ϣʔβʔ৘ใΛอଘ

39. Require ResidentKey : True (macOS + Google Chrome) !39 69͕มΘΔ৔߹΋

40. WebAuthn - ೝূϑϩʔ !40 Authenticator (SecurityKey etc…) Client (ϒϥ΢β) Relying

    Party (αʔϏε) 1. ೝূ༻ύϥϝʔλ࡞੒
 (ެ։伴৘ใ, ϩʔΧϧೝূͷ༗ແͳͲ) 3. Authenticator/Platform ͷػೳΛݺͼग़͢ 2. JS APIͷݺͼग़͠ 4.ϩʔΧϧೝূ ॺ໊࡞੒ 5. ॺ໊ 6. JS API͔Βͷ໭Γ஋ 7.֤छݕূ ೝূॲཧ

41. ೝূ༻ύϥϝʔλͷࢦఆྫ !41 • AllowCredentials : ެ։伴ͷࢦఆ • ͋Γ : RP͕อ͍࣋ͯ͠Δެ։伴Λࢦఆ

    • ͳ͠(ۭ) : Authenticator ʹอଘ͞Ε͍ͯΔ ৘ใΛར༻

42. allowCredentialsࢦఆ͋Γ (macOS + Google Chrome) !42 ࢦఆͨ͠ެ։ݤʹඥͮ͘"VUIFOUJDBUPSΛཁٻ

43. allowCredentialsࢦఆ͋Γ (Windows10 + MS Edge) !43

44. ೝূ༻ύϥϝʔλͷࢦఆྫ !44 • AllowCredentials : ެ։伴ͷࢦఆ • ͋Γ : RP͕อ͍࣋ͯ͠Δެ։伴Λࢦఆ

    • ͳ͠(ۭ) : Authenticator ʹอଘ͞Ε͍ͯΔ ৘ใΛར༻ -> Resident Key

45. allowCredentialsࢦఆͳ͠ (macOS + Google Chrome) !45 ϩʔΧϧೝূ
    
    อଘ͞Ε͍ͯΔϢʔβʔ৘ใ͔Βબ୒

46. allowCredentialsࢦఆͳ͠ (macOS + Google Chrome) !46 ηΩϡϦςΟΩʔͷ৔߹΋࠷ޙʹϢʔβʔ৘ใબ୒

47. allowCredentialsࢦఆͳ͠ (Windows10 + MS Edge) !47 8JOEPXT
    )FMMPͰ͸
    Ϣʔβʔબ୒
    
    ϩʔΧϧೝূ

48. allowCredentialsࢦఆͳ͠ (Windows10 + MS Edge) !48 ηΩϡϦςΟΩʔͷ৔߹͸ϩʔΧϧೝূޙϢʔβʔબ୒

49. WebAuthnͷϑΟογϯά଱ੑ (௥Ճೝূ) !49 ϑΟογϯάϝʔϧɺ ϝοηʔδ ϑΟογϯάαΠτ ʢFYBNQMFJOGPʣ ਖ਼نͷαΠτ FYBNQMFDPN 
    *%ύεϫʔυ
    

    
    Ξαʔγϣϯ
    ॺ໊ͳͲ 
    औಘͨ͠
    *%ύεϫʔυ
    
    Ξαʔγϣϯ

50. WebAuthnͷϑΟογϯά଱ੑ (௥Ճೝূ) !50 ϑΟογϯάϝʔϧɺ ϝοηʔδ ϑΟογϯάαΠτ ʢFYBNQMFJOGPʣ ਖ਼نͷαΠτ FYBNQMFDPN 
    *%ύεϫʔυ
    

    
    Ξαʔγϣϯ
    ॺ໊ͳͲ 
    औಘͨ͠
    *%ύεϫʔυ
    
    Ξαʔγϣϯ PSJHJO୯ҐͰ伴ϖΞΛ
    ੜ੒͍ͯ͠ΔͷͰ
    ϑΟογϯάαΠτʹ
    ϩάΠϯͰ͖ͳ͍

51. WebAuthnͷϑΟογϯά଱ੑ (௥Ճೝূ) !51 ϑΟογϯάϝʔϧɺ ϝοηʔδ ϑΟογϯάαΠτ ʢFYBNQMFJOGPʣ ਖ਼نͷαΠτ FYBNQMFDPN 
    *%ύεϫʔυ
    

    
    Ξαʔγϣϯ
    ॺ໊ͳͲ 
    औಘͨ͠
    *%ύεϫʔυ
    
    Ξαʔγϣϯ PSJHJO୯ҐͰ伴ϖΞΛ
    ੜ੒͍ͯ͠ΔͷͰ
    ϑΟογϯάαΠτʹ
    ϩάΠϯͰ͖ͳ͍ ϑΟογϯάαΠτ޲͚ͷ
    ΞαʔγϣϯΛਖ਼نͷαΠτʹ
    ૹͬͯ΋ݕূࣦഊ͢Δ

52. ࠷ۙ஫໨ͷFIDO/WebAuthnͷରԠঢ়گ !52 • Android • Authenticator: Android 7.0~, Security Key

    • Client: Chrome, Firefox • Windows 10 • Authenticator: Windows Hello, Security Key • Client : Microsoft Edge, Chrome, Firefox…

53. WebAuthnͷ࣮૷ʹ͍ͭͯ !53 • ͜͜Ͱ͸঺հ͠·ͤΜ

54. ͍Α͍Αຊ୊ FIDO / WebAuthn UX

55. ঺հ͢ΔϢʔεέʔε • ௥Ճͷೝূํࣜͱͯ͠: ύεϫʔυೝূ + FIDO • ϝΠϯͷೝূํࣜͱͯ͠: ύεϫʔυೝূ or

    FIDO !55

56. Dropbox

57. Dropbox - ొ࿥ !57 ઃఆલʹύεϫʔυ֬ೝΛཁٻ

58. Dropbox - ొ࿥ !58 σόΠε৘ใʹର͢Δ
    ΞΫηεڐՄ֬ೝΛཁٻ "UUFTUBUJPO
    
    OPOF

59. Dropbox - ొ࿥ !59 ໊લΛ͚ͭͯ׬ྃ

60. Dropbox - ೝূ !60 ύεϫʔυೝূͷޙʹೝূΛཁٻ

61. Dropbox - ೝূ !61 ιʔγϟϧϩάΠϯޙʹ΋ೝূΛཁٻ

62. Dropboxͷಋೖྫ • ̎ஈ֊ೝূͷ2ͭ໨Ҏ߱ͷೝূํࣜͱͯ͠ઃఆ • ར༻ՄೳͳAuthenticatorʹ੍ݶͳ͠ • ొ࿥ॲཧޙʹ໊લΛઃఆ • ύεϫʔυೝূ͚ͩͰ͸ͳ͘ɺιʔγϟϧϩάΠϯ ͷޙʹ΋ཁٻ͞ΕΔ

    !62

63. GitHub

64. GitHub - ొ࿥ !64 ొ࿥ॲཧͷલʹ໊લΛઃఆͤ͞Δ

65. GitHub - ొ࿥ !65 1MBUGPSN
    "VUIFOUJDBUPS΋ར༻Մೳ

66. GitHub - ೝূ !66 ύεϫʔυೝূޙʹར༻

67. GitHub - ೝূ !67 ύεϫʔυ֬ೝ࣌ʹ΋ηΩϡϦςΟΩʔΛར༻Մೳ

68. GitHubͷಋೖྫ • ̎ཁૉೝূͷ2ͭ໨Ҏ߱ͷೝূํࣜͱͯ͠ઃఆ • ར༻ՄೳͳAuthenticatorʹ੍ݶͳ͠ • ొ࿥ॲཧલʹ໊લΛઃఆ • ύεϫʔυೝূͷޙ͚ͩͰ͸ͳ͘ɺ࠶ೝূ࣌ʹ΋η ΩϡϦςΟΩʔΛ༻͍ͨೝূ͕Մೳ

    !68

69. Google

70. Google - ొ࿥ !70 "OESPJE
    Ҏ߱ͷσόΠεΛ؆୯ʹઃఆͰ͖Δ

71. Google - ొ࿥ !71 $SPTT1MBUGPSN
    "VUIFOUJDBUPS 5JUBO
    FUDʜ ΋ొ࿥Մೳ

72. Google - ೝূ !72 ύεϫʔυೝূޙʹ௥ՃೝূΛཁٻ

73. Google - ೝূ !73 εϚϗͰڐՄ͢Δͱೝূ͕׬ྃ

74. Google - ೝূ !74 ηΩϡϦςΟΩʔΛબ୒ޙɺλοϓ͢Δͱ׬ྃ

75. Googleͷಋೖྫ • ̎ஈ֊ೝূͷ2ͭ໨Ҏ߱ͷೝূํࣜͱͯ͠ར༻Մೳ • Cross-platform Authenticator • Android୺຤΋ར༻Մೳ • ϖΞϦϯάͳ͠ͷBluetooth઀ଓ(caBLE)

    • ͍ۙ͏ͪʹ࠶ೝূ࣌ʹ΋ར༻ՄೳʹͳΓͦ͏ !75

76. ʮ௥Ճೝূͱͯ͠ͷಋೖʯ ͷϙΠϯτ • ෳ਺ͷೝূํࣜΛఏڙ : ʮ٧Έʹ͍͘ʯ࢓૊Έ • Authenticatorͷ੍ݶ • ໊લͷઃఆ

    • ೝূཁٻͷλΠϛϯά • ύεϫʔυೝূ / ιʔγϟϧϩάΠϯͷޙ • ύεϫʔυ֬ೝͷ୅ସͱͯ͠ !76

77. ঺հ͢ΔϢʔεέʔε • ௥Ճͷೝূํࣜͱͯ͠: ύεϫʔυೝূ + FIDO • ϝΠϯͷೝূํࣜͱͯ͠: ύεϫʔυೝূ or

    FIDO !77

78. Yahoo! JAPAN

79. Yahoo! JAPAN - ొ࿥ !79 "OESPJE
    
    $ISPNF
    ؀ڥʹݶఆ

80. Yahoo! JAPAN - ొ࿥ !80 4.4
    
    ϝʔϧ
    
    ֬ೝίʔυ౳ͱͷซ༻΋Մೳ

81. Yahoo! JAPAN - ೝূ !81 Ϣʔβʔࣝผޙɺ"OESPJE
    $ISPNFͳΒೝূཁٻ

82. Yahoo! JAPANͷಋೖྫ • Android + Chrome ͱݴ͏૊Έ߹Θͤʹݶఆ • ͦΕҎ֎ͷ؀ڥͰ͸ϝʔϧ /

    SMSͰͷ֬ೝίʔ υૹ৴౳Λར༻ • ϢʔβʔࣝผޙʹೝূํࣜΛग़͠Θ͚ • ొ࿥ޙͷ࠶ೝূͰ΋ಉ͡ೝূํࣜ !82

83. Microsoft

84. Microsoft - ొ࿥ !84 8JOEPXT
    )FMMP͕ಈ࡞͢Δ؀ڥͰ͋Ε͹
    $SPTT1MBUGPSN
    "VUIFOUJDBUPS΋ར༻Մೳ

85. Microsoft - ొ࿥ !85 6TFS7FSJGJDBUJPO
    
    SFRVJSFE

86. Cross-Platform Authenticator !86 ΋ͪΖΜ8JOEPXT
    )FMMP୯ମͰ΋ొ࿥Մೳ

87. Microsoft - ೝূ !87 Ϣʔβʔࣝผલʹೝূཁٻ 3FTJEFOU,FZ

88. Microsoftͷಋೖྫ • Windows Hello͕࢖͑Δ؀ڥ + MS Edgeݶఆ • Windows Hello୯ମ

    • USB/NFCͳηΩϡϦςΟΩʔ΋ར༻Մೳ • αΠϯΠϯΦϓγϣϯͱͯ͠Ϣʔβʔࣝผલʹཁٻ • Resident KeyʹΑΔϢʔβʔબ୒ !88

89. Nulab(ψʔϥϘΞΧ΢ϯτ)

90. ψʔϥϘΞΧ΢ϯτ - ొ࿥ !90 ྆ํͷ"VUIFOUJDBUPSʹରԠ

91. ψʔϥϘΞΧ΢ϯτ - ొ࿥ !91 ొ࿥ॲཧ׬ྃ࣌ʹ໊લΛઃఆ

92. ψʔϥϘΞΧ΢ϯτ - ೝূ !92 ϝΞυͰࣝผޙʹ8FC"VUIOͷೝূཁٻ

93. ψʔϥϘΞΧ΢ϯτͷಋೖྫ • ϝΠϯͷೝূํࣜͱͯ͠ύεϫʔυೝূͱซ༻Մೳ • ར༻ՄೳͳAuthenticatorʹ੍ݶͳ͠ • ෳ਺ొ࿥ՄೳɺϢʔβʔ໊͕લΛ͚ͭΔ • Ϣʔβʔࣝผޙʹೝূཁٻ !93

94. ʮϝΠϯͷೝূํࣜͱͯ͠ͷಋೖʯ ͷϙΠϯτ • UserVerification͸ඞਢ • αϙʔτ؀ڥ(Authenticator/Client)ͷ੍ݶ • ੍ݶ͋Γ = ϝϯςφϯε͕ඞཁ

    • ੍ݶͳ͠ = FIDO2ରԠ؀ڥͳΒ͹উखʹରԠՄೳ • ೝূཁٻͷλΠϛϯά • ϝΞυͰࣝผޙʹઃఆͱ؀ڥͷ൑ఆ • ResidentKeyΛར༻ͯ͠Ϣʔβʔબ୒ !94

95. ύεϫʔυϨεʹ޲͚ͯ

96. ύεϫʔυϨε΁ͷಓ • ৽نαʔϏεͰ͸ύεϫʔυೝূΛಋೖ͠ͳ͍ • WebAuthn/FIDO͕࢖͑ͳ͍؀ڥͷέΞ • طଘͷαʔϏε͔ΒύεϫʔυೝূΛऔΓআ͘ 1. ґଘΛͳ͘͢ 2.

    (ڧ੍΋͘͠͸೚ҙͰ)ແޮԽ !96

97. ύεϫʔυೝূ΁ͷґଘͱ͸ • ৽نొ࿥ϑϩʔ • ύεϫʔυΛઃఆ͔ͯ͠Βϝʔϧ/SMS֬ೝ • ϩάΠϯͰ͖ͳ͍ϦϯΫ • ύεϫʔυϦηοτϑϩʔ΁ •

    ઃఆมߋͳͲॏཁͳॲཧ • ύεϫʔυ֬ೝ !97

98. ύεϫʔυೝূ΁ͷґଘΛऔΓআ͘ • ৽نొ࿥ϑϩʔ • ΫϨσϯγϟϧઃఆͱϝʔϧ/SMS֬ೝͷ෼཭ • ΫϨσϯγϟϧઃఆ෦෼Λ֦ுՄೳʹ͢Δ • ϩάΠϯͰ͖ͳ͍ϦϯΫ •

    ผͷೝূํࣜ΍ઃఆมߋ΁ͷ༠ಋ • ઃఆมߋͳͲॏཁͳॲཧ • ෳ਺ͷೝূํࣜΛڐ༰ !98

99. ψʔϥϘΞΧ΢ϯτͷ৽نొ࿥ • ࠷ॳʹύεϫʔυઃఆ • ґଘΛऔΓআͨ͘Ίʹ • ϝΞυ֬ೝΛઌʹʁ !99

100. Dropboxͷύεϫʔυ֬ೝ • ηΩϡϦςΟػೳͷલ ʹύεϫʔυཁٻ • ґଘΛऔΓআͨ͘Ίʹ • ઃఆࡁΈͷೝূํࣜ ʹ߹Θͤͨ࠶ೝূ •

     υϝΠϯ/origin੔ཧ !100

101. Yahoo! JAPANͷ࠶ೝূ • ύεϫʔυΛ֬ೝ͍ͯ͠ ͨͱ͜ΖͰϝΠϯͷೝ ূํࣜΛཁٻ • SMS / Email

     • WebAutnn • υϝΠϯ͕౷Ұ !101

102. ύεϫʔυೝূͷແޮԽ • ύεϫʔυΛ࢖Θͳ͍ʹϦετ߈ܸΛड͚ͳ͍ • Yahoo! JAPAN / ψʔϥϘΞΧ΢ϯτ !102

103. Yahoo! JAPANͷ ύεϫʔυೝূແޮԽ !103 ϝʔϧιϑτͳͲͷύεϫʔυ͸ผ్ઃఆՄೳ

104. ψʔϥϘΞΧ΢ϯτͷ ύεϫʔυ࡟আ !104 8FC"VUIOରԠ؀ڥͰ͔͠࢖Θͳ͍ͳΒ࡟আՄೳ

105. ·ͱΊ

106. ࠓճͷ಺༰ • WebAuthnΛಋೖͨ͠αʔϏεͷUXΛ঺հͨ͠ • ࣮αʔϏε΁ͷಋೖ࣌ͷϙΠϯτΛ੔ཧͨ͠ • ύεϫʔυೝূ͕͋ΔαʔϏε΁ͷಋೖ • ύεϫʔυϨε΁ͷҠߦ !106

107. • ࣭͝໰ɺײ૝ͳͲ͓଴͓ͪͯ͠Γ·͢ • ϒϩάͰͷݴٴͳͲ • Twitter ͷϋογϡλά or ϝϯγϣϯ •

     ஏ͔͚ͣ͠Ε͹DMͰ΋ !107 ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠