WebAuthn, or Web Authentication, is a new standard that enables web applications to create and use public key-based credentials in order to strongly authenticate users with hardware authenticators. That means you can now log in to your websites without using passwords. You don’t have to worry about the safety of your online information and database.
While complex passwords can be a secure way to keep your account safe, they are often long and hard to remember, and they should be updated from time to time. With this Web Authentication API, the World Wide Web Consortium (W3C) is hoping to use more secure methods such as biometric data, mobiles, or FIDO security keys, which are difficult to steal and replicate. WebAuthn is a core part of the FIDO2 specifications, a set of technologies that establishes authentication between servers and authenticators using a private-public key pair, also known as a credential.
This authentication standard is supported by many web browsers, such as Google Chrome, Microsoft Edge, and Mozilla Firefox. Apple’s Safari, however, currently supports it in preview versions.
How does it work?
The whole process has two steps: Registration and Authentication.
Registration makes the authenticator create a set of public key credentials that can be used to sign in to websites. Since these credentials are unique for each website, the user cannot be tracked, and their privacy is maintained.
Authentication, in turn, allows the website to verify the credentials.
In this way, the two processes work hand in hand.
Steps for login using WebAuthn:
- Register as a user by entering a username or email ID.
- Touch your authenticator device.
- Your new credential is created.
- You can authenticate as the user by using the rawId.
- Touch your authenticator device again.
- Voila! You are logged in successfully.
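The registration and authentication steps above, modelled in Node.js as an added example (not code from the original article): a simulated authenticator creates a per-site key pair, and the server checks the signed challenge against the stored public key. It is a simplified model that skips the browser API, CBOR encoding and attestation; the `Authenticator` class, `verifyAssertion`, `demo` and the `example.test` hostnames are illustrative assumptions, and the RP ID is assumed to equal the origin's hostname.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Simulated authenticator (hypothetical class): one key pair per relying-party ID.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const rawId = crypto.randomBytes(16).toString('base64url');
    this.keys.set(rpId, { rawId, privateKey });
    return { rawId, publicKey }; // only the public half leaves the device
  }
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname; // assumption: rpId equals the hostname
    const cred = this.keys.get(rpId);
    if (!cred) return null; // no credential exists for this site
    const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
    // authenticatorData: rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    const signature = crypto.sign('sha256', signed, cred.privateKey);
    return { rawId: cred.rawId, clientDataJSON, authData, signature };
  }
}

// Server-side check of an assertion against the public key stored at registration.
function verifyAssertion(stored, expected, assertion) {
  if (!assertion || assertion.rawId !== stored.rawId) return false;
  const clientData = JSON.parse(assertion.clientDataJSON.toString());
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expected.challenge) return false; // stale or replayed challenge
  if (clientData.origin !== expected.origin) return false;       // assertion made for another site
  if (!assertion.authData.subarray(0, 32).equals(sha256(expected.rpId))) return false;
  if ((assertion.authData[32] & 0x01) === 0) return false;        // user-present flag not set
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, stored.publicKey, assertion.signature);
}

function demo() {
  const device = new Authenticator();
  const stored = device.register('example.test'); // constructed sample site
  const challenge = crypto.randomBytes(32).toString('base64url');
  const expected = { rpId: 'example.test', origin: 'https://example.test', challenge };
  const good = verifyAssertion(stored, expected, device.sign(expected.origin, challenge));
  const replay = verifyAssertion(stored, { ...expected, challenge: 'fresh-challenge' }, device.sign(expected.origin, challenge));
  const lookalike = verifyAssertion(stored, expected, device.sign('https://examp1e.test', challenge));
  return { good, replay, lookalike };
}
```

Calling `demo()` shows the three outcomes side by side: a fresh assertion for the right site verifies, while an assertion over an old challenge and a request from a different hostname are both rejected.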
It is indeed good news for folks who find passwords cumbersome.