The Web Authentication API (WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Microsoft, Mozilla, Yubico, and others. This API allows users to be authenticated using public key cryptography.
FIDO WebAuthn is the most secure and usable authentication method on the web right now. One key reason is that it minimizes login friction: a simple and familiar gesture lets users authenticate. It is also the only web authentication method that is phishing resistant, and it is standards based and implemented across browsers and operating systems.
FIDO WebAuthn allows users to authenticate with two types of authenticators, namely roaming authenticators and platform authenticators. Roaming authenticators are removable and cross-platform, such as a YubiKey, and can be used on multiple devices. In order to authenticate with a roaming authenticator, you need to connect it to the device (through NFC, USB, or Bluetooth), provide proof of presence (for instance by touching it), and optionally provide user verification (by entering a PIN, for example).
On the other hand, platform authenticators are attached to a device and only work on that device. Examples include Windows Hello, MacBook’s Touch Bar, iOS Touch ID/Face ID, and Android’s fingerprint/face recognition. Biometric data is stored on the device and never sent to the server. In the event that biometrics cannot be used, alternative authentication methods are usually provided. For instance, if you are wearing a mask, instead of using Face ID you can enter your passcode.
FIDO WebAuthn works by generating a private/public key pair for each web origin; the key pair is registered in the device or security key. Because the key pair is bound to the domain, users are protected from phishing attacks.
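The domain binding described above becomes visible on the server in two places: the origin the browser writes into clientDataJSON and the SHA-256 hash of the relying party ID at the start of the authenticator data. The following is an added example, not code from the original page or from LoginID; the function names, `example.com`, the look-alike `examp1e.com` and the sample values are constructed for illustration, and verification of the signature over the authenticator data and the clientDataJSON hash is assumed to happen separately.

```python
import base64
import hashlib
import json

UP, UV = 0x01, 0x04  # authenticator data flag bits: user present, user verified

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_origin_binding(client_data_json, authenticator_data, *, expected_origin,
                         rp_id, expected_challenge, require_uv=False):
    """Return the list of failed checks; an empty list means all passed."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        client = None
    if not isinstance(client, dict):
        return ["client_data_json"]
    errors = []
    if client.get("type") != "webauthn.get":
        errors.append("type")
    # The browser, not the page's script, fills in the origin field.
    if client.get("origin") != expected_origin:
        errors.append("origin")
    if client.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")
    # Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        errors.append("rp_id_hash")
    flags = authenticator_data[32]
    if not flags & UP:
        errors.append("user_presence")
    if require_uv and not flags & UV:
        errors.append("user_verification")
    return errors

def sample(origin, rp_id, challenge, flags=UP):
    """Build constructed (not captured) clientDataJSON and authenticator data."""
    client = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return json.dumps(client).encode(), auth

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value
RP = dict(expected_origin="https://example.com", rp_id="example.com",
          expected_challenge=CHALLENGE)

if __name__ == "__main__":
    print(check_origin_binding(*sample("https://examp1e.com", "examp1e.com", CHALLENGE), **RP))
```

A response produced on the look-alike origin fails both the origin check and the relying party ID hash check, so it cannot be replayed to the genuine site even when the user completed the gesture.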
For more information on FIDO WebAuthn, visit our website at https://loginid.io/