What is WebAuthn - Secure Web Authentication?
What is WebAuthn – Web Authentication?
WebAuthn
(short for Web Authentication) is a web standard developed by the World Wide
Web Consortium (W3C) and the FIDO Alliance. It provides a standard API
(Application Programming Interface) for web applications to authenticate users
without requiring passwords.
WebAuthn
enables users to authenticate with public key cryptography and biometrics, such
as fingerprint or facial recognition, instead of using a password. The
technology uses a FIDO2-compliant authenticator device (e.g. authenton#1), such
as a security key, to generate a public-private key pair unique to the user.
The private key is stored securely on the authenticator device, while the
public key is registered with the web application. When a user logs in, the
authenticator device generates a signature that is sent to the web application,
which verifies the signature using the previously registered public key.
WebAuthn is
designed to provide a stronger level of security than traditional
password-based authentication. Because the private key is stored on the
authenticator device and not on the server, it is much harder for attackers to
steal or guess the user's credentials. In addition, because the user's
biometric data is used to authenticate, it is much more difficult for an
attacker to impersonate the user.
WebAuthn is
supported by most modern web browsers, including Google Chrome, Mozilla
Firefox, Microsoft Edge, and Apple Safari. It is also supported by major
platforms such as Android and Windows 10.
Overall,
WebAuthn provides a simpler, more secure, and more user-friendly way to
authenticate to web applications, without the need for passwords.