Authentication

WebAuthn / FIDO2

The W3C Web Authentication API and its FIDO2 underpinnings. An authenticator creates an origin-bound public-key credential (a passkey) during a registration ceremony, then proves possession of the private key during an authentication ceremony — giving phishing-resistant login with no shared secret on the server to steal.

Flows

Passkey Ceremonies (Registration & Authentication)
Public-key login (passkeys): an authenticator creates a key pair bound to a site during the registration (attestation) ceremony, then proves possession of the private key during the authentication (assertion) ceremony — phishing-resistant, with no shared secret stored on the server.
12 steps →

Flows

Passkey Ceremonies (Registration & Authentication)