FIDO2: Web Authentication (WebAuthn) overview
WebAuthn refers to one of the FIDO2 specifications, the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification. The main values of FIDO2 are security, convenience, privacy, and scalability.
Use WebAuthn if you
We implemented the WebAuthn specification in Authentication Cloud, so your users can log in securely with the built-in functions already available on their devices.
The prerequisite is that both the device and the browser need to support the other FIDO2 standard, the Client-to-Authenticator Protocol (CTAP). The device may be a phone or a laptop with biometric options, or a physical security key; see Browsers and authenticators.
We recommend FIDO2 if the following are true for your business:
- You do not want your users to install yet another app.
- You require small transactions only, such as a login.
- You prefer a solution based on open and secure standards, with wide support in the industry.
- You do not want to invest in major technical development.
With WebAuthn, you do not need an Access App or additional setup on the user side. The device is registered using the browser.
Authentication Cloud directly triggers the device for authentication. In response, the FIDO2-capable devices and their platforms provide the authentication infrastructure that you rely on.
Once registered, the devices are ready for simple login authentications using the biometric sensors on the device, as a first or second factor, without a password.
For limitations on FIDO2, see the FIDO2 (WebAuthN / CTAP2) chapter in our blog post.
The registration and authentication flows
We created the following pages to guide you. If this is your first time here, we recommend you go in order.