The Secret Security Wiki


Web Authentication

Web Authentication, or WebAuthn, is an effort by the World Wide Web Consortium (W3C) to standardize public-key authentication of users to web-based applications and services. The FIDO Alliance contributes to this effort.

WebAuthn's goal is to increase the security of the authentication process by removing or complementing password-based authentication, while remaining convenient and easy to use for end-users.

The standard defines a web-browser API for the creation and use of PKI-based authentication credentials, to enable online services to offer password-less and multi-factor authentication. Users register their device with the online service and authenticate using a local mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. “Under the hood”, a cryptographic challenge-response authentication mechanism is invoked between the relying party and the local authenticator.
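The challenge-response exchange described above, as an added example in Node.js (not part of the original wiki page or of any WebAuthn library). It goes beyond the text by showing the checks a relying party applies to an assertion; the authenticator is a constructed in-process stand-in, and the names `makeAuthenticator`, `verifyAssertion`, `demo` and the `example.com` values are assumptions.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Constructed stand-in for a local authenticator (hypothetical helper): it keeps
// the private key and signs authenticatorData || SHA-256(clientDataJSON).
function makeAuthenticator() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let signCount = 0;
  return {
    publicKey, // given to the relying party once, at registration
    getAssertion(rpId, origin, challenge) {
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
      }));
      const counter = Buffer.alloc(4);
      counter.writeUInt32BE(++signCount);
      // Layout: rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
      const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), counter]);
      const signature = sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
      return { clientDataJSON, authenticatorData, signature };
    },
  };
}

// Relying-party side: bind the response to this login attempt (challenge), to this
// site (origin, rpId hash), to a present user, and to the registered public key.
function verifyAssertion(expected, assertion) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad signature';
}

// One full round trip with a fresh random challenge (constructed sample values).
function demo() {
  const authenticator = makeAuthenticator();
  const challenge = randomBytes(32);
  const assertion = authenticator.getAssertion('example.com', 'https://example.com', challenge);
  const expected = { rpId: 'example.com', origin: 'https://example.com', challenge, publicKey: authenticator.publicKey };
  return verifyAssertion(expected, assertion);
}
console.log(demo());
```

Because the challenge is random per attempt and the origin is covered by the signature, a captured response cannot be reused for a later login or accepted when it was produced for a different site.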

WebAuthn is designed so that it can work with a range of public-key authenticator mechanisms.

WebAuthn is currently supported by Firefox and Chrome and enabled by default.