WebAuthn

Web Authentication (WebAuthn) is a W3C standard that enables password-less or second-factor authentication using public-key cryptography and hardware authenticators like security keys (YubiKey) or platform authenticators (Face ID, Touch ID). The private key never leaves the device, and authentication is bound to the specific origin, making WebAuthn completely phishing-resistant. It forms the core of FIDO2, which is endorsed by NIST and major cloud providers. WebAuthn is the most secure widely-available authentication mechanism.

Why it matters for your website

• 1Directly impacts resistance to account takeover and credential theft
• 2Required for SOC 2, HIPAA, and PCI-DSS compliance
• 3Misconfiguration can expose all user accounts to attack