Passwordless Auth: WebAuthn and FIDO2
Explore the W3C WebAuthn standard and FIDO2 passkeys as the future of authentication.
FIDO2 Architecture
FIDO2 is the umbrella term for the W3C Web Authentication specification (WebAuthn) combined with the FIDO Alliance's Client-to-Authenticator Protocol 2 (CTAP2). Together they define a complete passwordless authentication system using public-key cryptography bound to the relying party origin.
Authenticator Types
FIDO2 supports two authenticator categories. Platform authenticators are built into the device: Touch ID and Face ID on Apple devices, Windows Hello on Windows. Roaming authenticators are external hardware tokens: YubiKey, Google Titan Key, Feitian keys. All use public-key cryptography and generate attestation statements.
All lessons in this course
- The Fundamental Password Authentication Problem
- SRP: Secure Remote Password Protocol
- PAKE Protocols and Their Properties
- Passwordless Auth: WebAuthn and FIDO2