DEV Community

Pratik Bhagat


Passwordless Authentication with WebAuthn

Imagine being able to log in to websites without using any password. Sounds cool, right?

Passwords are hard to keep track of, which leads us to pick weak, easy ones that make us vulnerable to phishing attacks. WebAuthn solves this problem for us with passwordless authentication.

What is WebAuthn?

WebAuthn, short for Web Authentication, is part of the FIDO2 framework, a set of technologies that enable passwordless authentication between servers, browsers, and authenticators.

WebAuthn lets users authenticate with two types of authenticators:

The first is a roaming authenticator: a physical device like a YubiKey, which can be used on multiple devices. The second is a platform authenticator, which is attached to a device, for example the MacBook's Touch Bar or Android's fingerprint recognition.

How Does WebAuthn Work?

It builds a trusted relationship between the device and the browser by creating public/private key pairs so they can communicate with each other and authenticate the user. This way, as a user, you don't need to have passwords for every site you visit, just a strong authenticator that works with WebAuthn.

The public/private key pair is different for each website, so one website cannot determine from the authenticator what other websites you have used it for.
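The key-pair login described above, as an added example (not code from the original post) using Node.js's built-in crypto module. It goes a little beyond the text by showing the checks a website runs on a login response; the `SimulatedAuthenticator` class, the `verifyAssertion` function and the `*.example` site names are assumptions made for illustration.

```javascript
// Added illustration, not code from the original post. All names are hypothetical.
const { generateKeyPairSync, createHash, randomBytes, sign, verify } = require('node:crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();
// Simulated authenticator: holds one P-256 private key per website (RP ID).
class SimulatedAuthenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public key is sent to the website
  }
  // Signs authenticatorData || SHA-256(clientDataJSON), the WebAuthn assertion layout.
  getAssertion(rpId, origin, challenge) {
    const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // rpIdHash (32 bytes) | flags (1 byte, bit 0 = user present) | signCount (4 bytes)
    const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
    const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
    return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, this.keys.get(rpId)) };
  }
}
// Website (relying party) side: returns true only if every check passes.
function verifyAssertion(a, { publicKey, rpId, origin, challenge }) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return false;
  if (client.challenge !== challenge.toString('base64url')) return false; // stale or replayed
  if (client.origin !== origin) return false;                             // made on another origin
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(rpId))) return false;
  if ((a.authenticatorData[32] & 0x01) === 0) return false;               // user not present
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature);
}
// Constructed sample values: one authenticator registered with two sites.
function demo() {
  const auth = new SimulatedAuthenticator();
  const [rpA, originA] = ['site-a.example', 'https://site-a.example'];
  const pubA = auth.register(rpA);
  const pubB = auth.register('site-b.example');
  const challenge = randomBytes(32);
  const expected = { publicKey: pubA, rpId: rpA, origin: originA, challenge };
  const good = auth.getAssertion(rpA, originA, challenge);
  const der = (k) => k.export({ type: 'spki', format: 'der' });
  return {
    valid: verifyAssertion(good, expected),
    staleChallenge: verifyAssertion(good, { ...expected, challenge: randomBytes(32) }),
    wrongOrigin: verifyAssertion(auth.getAssertion(rpA, 'https://other.example', challenge), expected),
    otherSiteKey: verifyAssertion(good, { ...expected, publicKey: pubB }),
    distinctKeys: !der(pubA).equals(der(pubB)),
  };
}
```

Calling `demo()` returns one boolean per check: only the response made for the right site, origin and fresh challenge verifies, and the two sites end up holding different public keys.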

The Problem

No website supports WebAuthn...Wait!? What!?

The thing is, all major web applications support WebAuthn as a second factor of authentication, so it's not entirely passwordless after all.

The problem behind this is inconsistency in user experience between different browsers. Every website has a different way to set up passwordless authentication, which makes it confusing and hard for users to understand.

We can hope for complete passwordless authentication in the future with WebAuthn, as it offers user-friendly authentication.

Read more about WebAuthn

webauthn.me

webauthn.guide
