WebAuthn from W3C and FIDO Alliance - What You Need To Know
In March, 2019, the World Wide Web Consortium (W3C) and the FIDO Alliance announced the specifications for the official web standard for Web Authentication or WebAuthn for short. WebAuthn is the second major component that, along with Client to Authenticator Protocol (CTAP), makes up the FIDO2 standard. FIDO2 is a standard that enables users to leverage common devices to perform authentication functions for online services rather than relying on a user’s knowledge. WebAuthn is the API that enables the creation and use of public key-based credentials by web applications. The idea is that ‘something a user is’ can be used to authenticate themselves. Something a user is can be several methods, including mobile devices, biometrics or security keys. This is in lieu of traditional usernames and passwords.