Overview
WebAuthn (Web Authentication) is a W3C standard and a core component of the FIDO2 project. It is a browser API that lets web applications register and use public-key credentials held by platform authenticators (like Windows Hello, Touch ID, or Face ID) or by roaming authenticators such as external security keys, so that users can sign in without a shared secret ever reaching the server.
How it Works
- The website (the relying party) sends a fresh, random challenge to the browser.
- The browser asks the user to authenticate (e.g., via fingerprint) and records the challenge, the page's origin, and the ceremony type in a structure called clientDataJSON.
- The authenticator signs the hash of that client data together with its own authenticator data (a hash of the site's RP ID, flags, and a signature counter) using a private key stored on the device; the private key never leaves the authenticator.
- The browser sends the signed assertion back to the website, which checks the challenge, the origin, and the RP ID hash, then verifies the signature with the public key the authenticator produced for that user at registration.
Benefits
- Passwordless: there is no shared secret to remember, type, reuse, or lose in a server breach; the website stores only a public key.
- Phishing-Resistant: the browser, not the page, writes the origin into the signed client data and scopes the credential to the site's RP ID, so an assertion obtained on a look-alike domain does not verify for the real site, and the authenticator will not use the real site's credential there in the first place.