FIDOWebAuthn
FIDOWebAuthn, typically referred to as WebAuthn within the FIDO2 framework, is a web standard for passwordless and phishing-resistant authentication. It was developed through collaboration between the FIDO Alliance and the World Wide Web Consortium (W3C) and provides a standardized API and protocol for relying parties to register and authenticate users with public-key cryptography.
WebAuthn uses authenticators—devices or built-in components that securely hold private keys—to enable logins without shared passwords.
Registration and authentication flows: During registration (MakeCredential), the user consents to create a new credential; the
Security and privacy: WebAuthn provides phishing resistance because authentication relies on domain-bound keys that cannot be
Adoption and impact: WebAuthn has broad browser support and is adopted by many identity providers and services
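The domain binding described under Security and privacy can be seen in the checks a relying party runs on each login response. The following is an added example, not part of the original page or of any FIDO/W3C code: it validates the `type`, `challenge` and `origin` fields of `clientDataJSON` and the RP ID hash and user-present flag in the authenticator data. The function names, the `example.com` / `example.net` hosts and the challenge bytes are constructed for illustration.

```python
import base64, hashlib, hmac, json, struct

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_errors(client_data_json: bytes, auth_data: bytes,
                   challenge: bytes, origin: str, rp_id: str) -> list:
    """Return the names of failed binding checks; an empty list means all passed.
    Signature verification over auth_data || SHA-256(client_data_json) with the
    stored credential public key is still required and is not shown here.
    """
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON"]
    errors = []
    if client.get("type") != "webauthn.get":
        errors.append("type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(challenge).encode()):
        errors.append("challenge")
    if client.get("origin") != origin:          # exact match, never a prefix test
        errors.append("origin")
    if len(auth_data) < 37:                     # rpIdHash(32) + flags(1) + signCount(4)
        return errors + ["authenticatorData"]
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", auth_data[:37])
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(rp_id.encode()).digest()):
        errors.append("rpIdHash")
    if not flags & 0x01:                        # bit 0 = user present (UP)
        errors.append("userPresent")
    return errors

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed test data in the shape a browser and authenticator produce."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + struct.pack(">I", 7)
    return client, auth

CHALLENGE = bytes(range(32))                    # constructed; use a fresh random value per login
EXPECTED = dict(challenge=CHALLENGE, origin="https://login.example.com", rp_id="example.com")

if __name__ == "__main__":
    for o, r in (("https://login.example.com", "example.com"),
                 ("https://login.example.net", "example.net")):
        print(o, binding_errors(*sample_assertion(o, r, CHALLENGE), **EXPECTED))
```

A response produced on the lookalike host fails both the `origin` and `rpIdHash` checks, because the browser records the origin it actually saw and the authenticator hashes the RP ID the credential is scoped to.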