WebAuthn/FIDO2

WebAuthn/FIDO2 refers to the ecosystem of standards that enable passwordless, phishing‑resistant authentication on the web. The term encompasses the Web Authentication API (WebAuthn) from the World Wide Web Consortium (W3C) and the FIDO Alliance’s FIDO2 protocol suite, which includes the Client to Authenticator Protocol (CTAP). WebAuthn provides a web API to register and use public key credentials, while CTAP defines how a client (such as a browser or operating system) communicates with authenticators.

In operation, a user registers an authenticator with a relying party (RP). The authenticator generates a public/private key pair; the public key is stored by the RP, and the private key remains on the authenticator. For authentication, the RP issues a challenge that the authenticator signs with the private key. The RP verifies the signature using the stored public key. Attestation data may accompany the credential to convey device provenance, though many deployments permit privacy controls to limit this information.

Authenticators fall into platform authenticators (built into devices, such as biometric sensors) and roaming authenticators (USB, NFC, or Bluetooth keys). Both types commonly support CTAP2 and WebAuthn. Relying parties can deploy passwordless authentication, or require WebAuthn credentials as part of multi‑factor authentication.

Security and adoption: WebAuthn/FIDO2 provides phishing resistance because credentials are bound to the origin and do not rely on shared secrets. It reduces the risk of credential interception or theft and supports scalable, cross‑site authentication. The standards are widely implemented in modern browsers and platforms, enabling broad interoperability for online services and applications.