FIDO2: Web Authentication (WebAuthn) overview

WebAuthn is the World Wide Web Consortium’s (W3C) Web Authentication specification, one of the FIDO2 specifications. The main values of FIDO2 are security, convenience, privacy, and scalability.

Learn more about the FIDO2 and WebAuthn standards.

Use WebAuthn if you

We implemented the WebAuthn specification in Authentication Cloud, so your users can log in securely with the built-in functions already available on their devices.

The prerequisite is that both the device and the browser support the other FIDO2 standard, the Client-to-Authenticator Protocol (CTAP). The device may be a phone or a laptop with biometric options, or a physical security key; see Browsers and authenticators.

We recommend FIDO2 if the following are true for your business:

  • You do not want your users to install yet another app.
  • You require small transactions only, such as a login.
  • You prefer a solution based on open and secure standards, with wide support in the industry.
  • You do not want to invest in major technical development.

With WebAuthn, you do not need an Access App or additional setup on the user side. The device is registered using the browser.

Authentication Cloud directly triggers the device for authentication. In response, the FIDO2-capable devices and their platforms provide the authentication infrastructure that you rely on.

Once registered, the devices are ready for simple login authentications using the biometric sensors on the device, as first or second factor, without a password.

For limitations on FIDO2, see the FIDO2 (WebAuthN / CTAP2) chapter in our blog post.

The registration and authentication flows

We created the following pages to guide you. If this is your first time here, we recommend you go in order.

  1. FIDO2 architecture-overview
  2. Integration prerequisites
  3. Browsers and authenticators
  4. Register the device
  5. Create the credential
  6. Registration result codes
  7. Authenticate using FIDO2
  8. Authentication result codes
  9. Solve the re-registration issue