Web Authentication (WebAuthn)
Public-key authentication standard

Abbreviation: WebAuthn
Year started: 2013
First published: 2019
Latest version: Level 2 Recommendation, 8 April 2021 (2021-04-08)
Preview version: Level 3 First Public Working Draft (FPWD), 15 December 2021 (2021-12-15)
Organization: FIDO2 Project (FIDO Alliance and W3C)
Committee: Web Authentication Working Group
Editors: Jeff Hodges (Google), J.C. Jones (Mozilla), Michael B. Jones (Microsoft), Akshay Kumar (Microsoft), Emil Lundberg (Yubico), Dirk Balfanz (Google), Vijay Bharadwaj (Microsoft), Arnar Birgisson (Google), Alexei Czeskis (Google), Hubert Le Van Gong (PayPal), Angelo Liao (Microsoft), Rolf Lindemann (Nok Nok Labs)
Base standards: File API, WHATWG Encoding Standard, Unicode UAX #29: Text Segmentation
Domain: Authentication
Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). It defines an API that websites use to authenticate users with WebAuthn credentials (passkeys) and outlines what WebAuthn authenticators should do. It solves many of the issues of traditional password-based authentication by verifying the user's identity with digital signatures over a per-login challenge, rather than by comparing a shared secret. Although WebAuthn is often touted as a complete replacement for passwords, most websites that implement it continue to use passwords in some capacity.
To use WebAuthn, users require a compatible authenticator. The standard does not specify how to store the keys required for signing, so a variety of authenticator types can be used. The most common authenticator type is a platform authenticator, which is built into the operating system of the device. Common platform authenticators include Android, Apple Keychain and Windows Hello. These make use of hardware security features (such as a TEE or TPM), and often sync credentials between devices for ease of use. Another common authenticator type is a roaming authenticator, where a separate hardware device authenticates the user by connecting over USB, Bluetooth Low Energy, or near-field communication (NFC). Most smartphones can be used as roaming authenticators, and dedicated physical security keys are also used. WebAuthn is effectively backward compatible with FIDO Universal 2nd Factor (U2F), as both are carried over the CTAP protocol (U2F corresponds to CTAP1). Password managers can also be used as an authenticator, often with cloud sync. Where credential sync is not viable or possible, WebAuthn hybrid transport can be used to access credentials stored on another authenticator such as a smartphone.[10]
Like legacy U2F, WebAuthn is resistant to phishing attacks,[11] because credentials are scoped to the relying party's domain: the browser only offers credentials registered for the site being visited, and the origin the user actually visited is included in the data the authenticator signs, so a credential for one site cannot be exercised by a look-alike site. However, unlike U2F, WebAuthn can be implemented in a passwordless manner.[12] Moreover, a roaming hardware authenticator resists malware on the host, since the private keys never leave the separate device and so cannot be extracted; at most malware can ask for a signature, which still requires the user's touch.
The WebAuthn Level 1 and Level 2 standards were published as W3C Recommendations on 4 March 2019 and 8 April 2021 respectively.[13][14] A Level 3 specification is currently a First Public Working Draft (FPWD).[15] WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance.[16]
FIDO2 is the successor to FIDO Universal 2nd Factor (U2F). Whereas U2F only supports multi-factor (second-factor) mode, having been designed to strengthen existing username/password-based login flows, FIDO2 adds support for single-factor mode. In multi-factor mode, the authenticator is activated by a test of user presence, which usually consists of a simple button push; the authenticator itself asks for no PIN or biometric, and the password entered at the website supplies the other factor. In single-factor mode, the authenticator (something you have) additionally performs user verification.[17] Depending on the authenticator capabilities, this can be:[18]

- something you know: a secret such as a PIN, passcode or swipe pattern
- something you are: a biometric such as fingerprint, face, iris or voice

Regardless of mode, the authenticator never shares its secrets or biometric data with the website.[19] Moreover, a single user's secret or biometric works with all websites, as the authenticator selects the correct cryptographic key material for the service requesting authentication once user verification has completed successfully. A secret and a biometric on the authenticator can be used together, similarly to how they are used on a smartphone: a fingerprint provides convenient access, but occasionally fingerprint access fails, in which case the user can fall back to a PIN.
Reasons for its design and standardization

The W3C designed and standardized WebAuthn to solve or mitigate many issues that are inherent to traditional password-based authentication:

Secure credential generation and storage: WebAuthn generates a unique credential for each website using robust algorithms, keeping the private key in a trusted authenticator. This eliminates common vulnerabilities such as:
- Weak passwords that can be easily brute-forced due to insufficient length.
- Predictable passwords vulnerable to dictionary attacks (e.g., "password", "12345678").
- Guessable passwords based on personal information (e.g., birthdates, addresses).
- Poor client-side password storage (e.g., written down, stored in phone contacts).
- Password reuse across multiple websites, as WebAuthn credentials are specific to individual websites by design.
- Inadequate server-mandated password requirements (e.g., overly lax or restrictive criteria, arbitrary maximum length limits, limited character sets).
- Restrictions preventing password manager auto-fill.

No server-side secret storage: The private part of a credential is never stored on a server; the server holds only the public key, which is of no use to an attacker on its own. This eliminates risks and vulnerabilities such as:
- Insecure password storage in databases (e.g., plaintext or weak hash-based constructions).
- Database leaks exposing passwords.
- Mandatory, ineffective periodic password changes.

Unique credentials for each website: WebAuthn ensures credentials are unique per website, eliminating the following risks:
- Credential stuffing attacks, where attackers use credentials from one data breach across multiple sites.
- Phishing attacks, as credentials cannot be reused or misapplied to different websites.
Figure: the use of "passkey" as the term for a WebAuthn credential (Bitwarden, for Pixiv).

Passkey is the de facto non-technical term for a WebAuthn credential. Most user interfaces that support WebAuthn use only passkey to refer to WebAuthn credentials. When Apple first introduced passkeys to the public in 2022,[20] they emphasized their first-party platform integrations. This, combined with the lack of clear communication from other industry leaders, led some to speculate that passkeys were proprietary to Apple, which was not the case.[21] As browsers and websites began to implement WebAuthn, the inconsistent feature sets resulted in a variety of understandings of what exactly counted as a passkey. Some people assumed that a passkey required management by a platform authenticator, or needed synchronization using the cloud. A better definition is that a passkey is any WebAuthn credential managed by any WebAuthn authenticator. This definition covers most of what different vendors refer to and accept as passkeys.
Like its predecessor FIDO U2F, W3C Web Authentication (WebAuthn) involves a website, a web browser, and an authenticator:
- The website is a conforming WebAuthn Relying Party
- The browser is a conforming WebAuthn Client
- The authenticator is a FIDO2 authenticator, that is, it is assumed compatible with the WebAuthn Client

WebAuthn specifies how a claimant demonstrates possession and control of a FIDO2 authenticator to a verifier called the WebAuthn Relying Party. The authentication process is mediated by an entity called the WebAuthn Client, which is little more than a conforming web browser.

Figure: A typical Web Authentication (WebAuthn) flow.
Figure: Example of WebAuthn authentication with Android Credential Manager.

The authenticator is a multi-factor cryptographic authenticator that uses public-key cryptography to sign an authentication assertion targeted at the WebAuthn Relying Party. Assuming the authenticator uses facial recognition, a fingerprint or a PIN for user verification, the authenticator itself is something you have, while facial recognition and fingerprint (biometrics) are something you are and the PIN is something you know.
To initiate the WebAuthn authentication flow,[22] the WebAuthn Relying Party indicates its intentions to the WebAuthn Client (i.e., the browser) via JavaScript. The WebAuthn Client communicates with the authenticator using a JavaScript API implemented in the browser. A roaming authenticator conforms to the FIDO Client to Authenticator Protocol (CTAP)[23] and is connected over USB, Bluetooth Low Energy, or near-field communication (NFC).

WebAuthn does not strictly require a roaming hardware authenticator. Alternatively, a software authenticator (e.g., implemented on a smartphone) or a platform authenticator (i.e., an authenticator implemented directly on the WebAuthn Client Device) may be used. Relevant examples of platform authenticators include Windows Hello[24] and the Android operating system.[25] WebAuthn hybrid transport allows the WebAuthn Client to access credentials stored on another authenticator such as a smartphone, useful in situations where credential sync is not viable.[10]

There is a lingering misunderstanding among users that biometric data is transmitted over the network in the same manner as passwords, which is not the case.[26][27] The biometric only unlocks the authenticator locally; what crosses the network is a signature.

When the WebAuthn Relying Party receives the signed authentication assertion from the browser, it verifies the digital signature on the assertion using the public key it stored for that credential at registration. The signature covers the authenticator data (which carries a hash of the relying party ID, the user presence and user verification flags, and a signature counter) concatenated with a hash of the client data (which carries the challenge the relying party issued and the origin the browser was on), so a correct relying party checks those fields as well, not just the signature.
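The relying party's side of the authentication ceremony, written out as an added example (illustrative code written for this page, not the specification's or any library's own): a simulated authenticator holding an ES256 (ECDSA P-256) key produces the three values a browser returns from navigator.credentials.get(), and verifyAssertion then checks type, challenge, origin, rpIdHash, flags, signature counter and signature in that order. The relying party ID login.example and origin https://login.example are assumed values. The last run shows why the checks beyond the signature matter: an assertion a phishing page obtained under its own origin carries a perfectly valid signature and is rejected only because the origin is checked.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed relying party identity (hypothetical values chosen for this example).
const (
	rpID   = "login.example"
	origin = "https://login.example"
	flagUP = 0x01 // authenticatorData flag bit: user present
	flagUV = 0x04 // authenticatorData flag bit: user verified
)

type clientData struct { // the CollectedClientData JSON the browser builds; the signature covers its hash
	Type      string `json:"type"`
	Challenge string `json:"challenge"` // base64url without padding
	Origin    string `json:"origin"`
}

type storedCredential struct { // what the relying party keeps from registration
	pub       *ecdsa.PublicKey
	signCount uint32
}

// verifyAssertion runs the relying party checks for an ES256 credential and, on success, stores and returns the new counter.
func verifyAssertion(cred *storedCredential, expectedChallenge []byte, requireUV bool,
	clientDataJSON, authData, sig []byte) (uint32, error) {
	var cd clientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return 0, err
	}
	ch, err := base64.RawURLEncoding.DecodeString(cd.Challenge)
	if cd.Type != "webauthn.get" || err != nil || !bytes.Equal(ch, expectedChallenge) {
		return 0, errors.New("wrong type or challenge: not the ceremony this RP started")
	}
	if cd.Origin != origin { // set by the browser; a phishing page cannot forge it
		return 0, fmt.Errorf("origin %q is not %q (phishing?)", cd.Origin, origin)
	}
	if h := sha256.Sum256([]byte(rpID)); len(authData) < 37 || !bytes.Equal(authData[:32], h[:]) {
		return 0, errors.New("authenticatorData too short or rpIdHash mismatch")
	}
	if flags := authData[32]; flags&flagUP == 0 || (requireUV && flags&flagUV == 0) {
		return 0, errors.New("required user presence/verification flag not set")
	}
	count := binary.BigEndian.Uint32(authData[33:37])
	if count != 0 && count <= cred.signCount { // a counter that stops increasing suggests a cloned key
		return 0, errors.New("signature counter did not increase")
	}
	// The authenticator signs SHA-256 over authenticatorData || SHA-256(clientDataJSON).
	cdHash := sha256.Sum256(clientDataJSON)
	digest := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	if !ecdsa.VerifyASN1(cred.pub, digest[:], sig) {
		return 0, errors.New("invalid signature")
	}
	cred.signCount = count
	return count, nil
}

type simAuthenticator struct { // plays browser plus authenticator; constructed for this example, not a real device
	priv  *ecdsa.PrivateKey
	count uint32
}

// assert returns (clientDataJSON, authenticatorData, signature) as a browser at pageOrigin would, hashing rp as the RP ID.
func (a *simAuthenticator) assert(rp, pageOrigin string, challenge []byte, flags byte) ([]byte, []byte, []byte) {
	cdJSON, _ := json.Marshal(clientData{Type: "webauthn.get",
		Challenge: base64.RawURLEncoding.EncodeToString(challenge), Origin: pageOrigin})
	a.count++
	h := sha256.Sum256([]byte(rp))
	authData := append(h[:], flags, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(authData[33:], a.count)
	cdHash := sha256.Sum256(cdJSON)
	digest := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	sig, _ := ecdsa.SignASN1(rand.Reader, a.priv, digest[:])
	return cdJSON, authData, sig
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	auth, cred := &simAuthenticator{priv: priv}, &storedCredential{pub: &priv.PublicKey}
	challenge := []byte("random-per-ceremony-challenge") // a real RP draws this from a CSPRNG
	cd, ad, sig := auth.assert(rpID, origin, challenge, flagUP|flagUV)
	_, err := verifyAssertion(cred, challenge, true, cd, ad, sig)
	fmt.Println("legitimate login:", err)
	cd, ad, sig = auth.assert(rpID, "https://evil.example", challenge, flagUP|flagUV) // valid signature, wrong origin
	_, err = verifyAssertion(cred, challenge, true, cd, ad, sig)
	fmt.Println("phished assertion:", err)
}
```

A real relying party binds expectedChallenge to the session that issued it and discards it after one use, so a replayed assertion fails at the challenge check rather than only at the counter; the counter check is a second line of defence for authenticators that implement one.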
To obtain a public key for the user, the WebAuthn Relying Party initiates a WebAuthn registration flow[28] that is similar to the authentication flow described above. The primary difference is that the authenticator now signs an attestation statement with its attestation private key. The attestation object returned to the relying party carries the authenticator data, which includes the newly created credential ID and its public key in COSE format; that public key is what the WebAuthn Relying Party ultimately uses to verify signed authentication assertions. The attestation certificate contains metadata describing the authenticator itself.[29] The digital signature on the attestation statement is verified with the trusted attestation public key for that particular model of authenticator. How the WebAuthn Relying Party obtains its store of trusted attestation public keys is unspecified. One option is to use the FIDO Metadata Service.[30] The attestation conveyance preference specified in the JavaScript determines what the relying party receives; an authenticator may also use self-attestation, signing with the credential's own key, for which the trust model is essentially trust on first use. With the "none" attestation format the relying party learns nothing about the authenticator model and accepts the credential solely on the strength of the registration session.
Figure: Example of a WebAuthn passkey as part of a password manager (Bitwarden).
The WebAuthn Level 1 standard was published as a W3C Recommendation by the Web Authentication Working Group on 4 March 2019.[13][31] WebAuthn is supported by Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari[13] and Opera.[32]

The desktop version of Google Chrome has supported WebAuthn since version 67.[33] Firefox, which had not fully supported the previous FIDO U2F standard, included and enabled WebAuthn in Firefox version 60, released on 9 May 2018.[34] An early Windows Insider release of Microsoft Edge (Build 17682) implemented a version of WebAuthn that works with both Windows Hello and external security keys.[35]

Existing FIDO U2F security keys are largely compatible with the WebAuthn standard, though WebAuthn added the ability to reference a unique per-account "user handle" identifier, which older authenticators are unable to store.

One of the first FIDO2-compatible authenticators was the second-generation Security Key by Yubico, announced on 10 April 2018.[36] The first FIDO2-compatible authenticator with a display was the Trezor Model T by SatoshiLabs, announced on 6 November 2019.[37] The Trezor Model T was also the first authenticator that allowed users to select which FIDO2 resident credential should be used directly on the device. The first Security Level 2 certified FIDO2 key, called "Goldengate", was announced by eWBM on 8 April 2019, almost exactly a year after Yubico's.[38][39]

Dropbox announced support for WebAuthn logins (as a second factor) on 8 May 2018.[40] Apple announced that Face ID or Touch ID could be used as a WebAuthn platform authenticator with Safari on 24 June 2020.[41] Several password managers, such as Bitwarden and Dashlane, support WebAuthn.[42][43]
WebAuthn implements an extension of the W3C's more general Credential Management API, which is an attempt to formalize the interaction between websites and web browsers when exchanging user credentials. The Web Authentication API[44][45] extends the Credential Management navigator.credentials.create() and navigator.credentials.get() JavaScript methods so they accept a publicKey parameter. The create() method is used for registering public key authenticators as part of associating them with user accounts (possibly at initial account creation time but more likely when adding a new security device to an existing account), while the get() method is used for authenticating (such as when logging in). To check if a browser supports WebAuthn, scripts should check whether the window.PublicKeyCredential interface is defined. In addition to PublicKeyCredential, the standard also defines the AuthenticatorResponse, AuthenticatorAttestationResponse, and AuthenticatorAssertionResponse interfaces, along with a variety of dictionaries and other data types. The API does not allow direct access to or manipulation of private keys, beyond requesting their initial creation.
In August 2018, Paragon Initiative Enterprises conducted a security audit of the WebAuthn standard. While they could not find any specific exploits, they revealed some serious weaknesses in the way the underlying cryptography is used and mandated by the standard.[46] The main points of criticism revolve around two potential issues that were problematic in other cryptographic systems in the past, and therefore should be avoided in order not to fall victim to the same class of attacks:

- Through the mandated use of COSE (RFC 8152), WebAuthn also supports RSA with PKCS#1 v1.5 padding. This padding scheme has been known to be vulnerable to specific attacks for at least twenty years, and it has been successfully attacked in other protocols and implementations of the RSA cryptosystem in the past. It is difficult to exploit under the given conditions in the context of WebAuthn, where RSA is used only for signature verification, although lax padding checks in verifiers have enabled signature forgeries elsewhere; since more secure primitives and padding schemes exist, it is still a poor choice and cryptographers no longer consider it best practice.
- The FIDO Alliance standardized on the asymmetric cryptographic scheme ECDAA.[47] This is a version of direct anonymous attestation based on elliptic curves and in the case of WebAuthn is used to verify the integrity of authenticators while preserving the privacy of users, as it does not allow global correlation of handles. However, ECDAA does not incorporate some of the lessons learned in recent decades of research in elliptic curve cryptography, as the chosen curve has security deficits inherent to this type of curve, which reduces the security guarantees quite substantially. Furthermore, the ECDAA standard involves random, non-deterministic signatures, which have already been a problem in the past, since a repeated or biased nonce leaks the signing key.

Paragon Initiative Enterprises also criticized how the standard was initially developed, as the proposal was not made public in advance and experienced cryptographers were not asked for suggestions and feedback. Hence the standard was not subject to broad cryptographic research from the academic world.

Despite these shortcomings, Paragon Initiative Enterprises still encouraged users to continue to use WebAuthn, but came up with some recommendations for potential implementers and developers of the standard that they hoped could be adopted before the standard was finalized. Avoiding such mistakes as early as possible would protect the industry from the challenges introduced by broken standards and the need for backwards compatibility.

ECDAA was only designed for use in combination with device attestation. This particular feature of WebAuthn is not necessarily required for authentication to work. Current implementations allow the user to decide whether an attestation statement is sent during the registration ceremony. Independently, relying parties can choose to require attestation or not. ECDAA was removed from WebAuthn Level 2 as it was implemented by neither browsers nor relying parties.[48]
WebAuthn, popularly referred to as "passkeys", has received mixed responses from the public:
- Troy Hunt: "Passkeys are one of the few security constructs that make your life easier, rather than harder."[49] "That's a one-click sign-in, and clicking the purple button immediately grants me access to my account."[49]
- Dan Goodin: "Passkey technology is elegant, but it's most definitely not usable security."[7]
- Bruce Davie: "...the implementation seems to have failed the 'make it easy for users' test, which in my view is the whole point of passkeys. I have been using public key cryptography for 30-plus years... If I find passkeys confusing to use, it doesn't bode well for more typical users."[50]
References

[1] Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). "Web Authentication: An API for accessing Public Key Credentials Level 1 (latest)". World Wide Web Consortium. Archived from the original on 14 March 2019. Retrieved 4 March 2019.
[2] "Web Authentication Working Group". World Wide Web Consortium. Archived from the original on 15 May 2016. Retrieved 11 May 2018.
[3] Strickland, Jonathan (18 March 2019). "What is WebAuthn". TechStuff. iHeartMedia. 20:35 minutes in. Archived from the original on 25 June 2021. Retrieved 20 March 2019.
[4] "White Paper: Multi-Device FIDO Credentials" (PDF). FIDO Alliance. March 2022. p. 6. Archived (PDF) from the original on 16 June 2024. Retrieved 20 May 2024.
[5] Brown, William (April 2024). "webauthn-rs docs". Docs.rs. Kanidm Identity Management Project. Archived from the original on 12 June 2025. Retrieved 3 July 2025.
[6] Langley, Adam (23 December 2024). "A Tour of WebAuthn". Imperial Violet. Retrieved 13 August 2025.
[7] Goodin, Dan. "Passkey technology is elegant, but it's most definitely not usable security". Ars Technica. Archived from the original on 3 July 2025. Retrieved 3 July 2025.
[8] "WebAuthn / CTAP: Modern Authentication" (PDF). World Wide Web Consortium. 10 December 2018. Archived (PDF) from the original on 4 December 2020. Retrieved 11 March 2019.
[9] "Will Passkeys Kill Password Managers?". Corbado. 1 June 2023. Retrieved 18 September 2025.
[10] "WebAuthn Passkey QR Codes & Bluetooth: Hybrid Transport". Corbado. 8 November 2023. Retrieved 18 September 2025.
[11] Kan, Michael (7 March 2019). "Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise". PC Magazine. Archived from the original on 8 March 2019. Retrieved 8 March 2019.
[12] "Practical passwordless authentication comes a step closer with WebAuthn". Ars Technica. 10 April 2018. Archived from the original on 1 January 2025. Retrieved 16 October 2024.
[13] "W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins". World Wide Web Consortium. 4 March 2019. Archived from the original on 4 March 2019. Retrieved 4 March 2019.
[14] Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil (eds.) (8 April 2021). "Web Authentication: An API for accessing Public Key Credentials Level 2" (Latest ed.). World Wide Web Consortium. Archived from the original on 4 June 2019. Retrieved 27 November 2022.
[15] Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil (eds.) (4 April 2021). "Web Authentication: An API for accessing Public Key Credentials Level 3" (First Public Working Draft ed.). World Wide Web Consortium. Archived from the original on 25 February 2022. Retrieved 24 December 2021.
[16] "FIDO2 Project". FIDO Alliance. Archived from the original on 22 April 2018. Retrieved 11 May 2018.
[17] "User Presence vs User Verification". Archived from the original on 19 February 2024. Retrieved 19 February 2024.
[18] Baghdasaryan, Davit; Hill, Brad (2 July 2018). "FIDO Registry of Predefined Values". fidoalliance.org. FIDO Alliance. Archived from the original on 4 December 2020. Retrieved 16 June 2019.
[19] "Web Authentication: An API for accessing Public Key Credentials Level 1 § Terminology: User Verification". www.w3.org. W3C. 4 March 2019. Archived from the original on 7 June 2017. Retrieved 16 June 2019.
[20] Clemons, Taylor (6 June 2022). "WWDC 2022: Apple announces Passkey feature to eliminate passwords across platforms". ZDNet. Archived from the original on 6 June 2023. Retrieved 4 July 2025.
[21] Shakir, Umar (6 August 2022). "Reminder: passkeys are not just from Apple". The Verge. Archived from the original on 24 September 2023. Retrieved 4 July 2025.
[22] "Web Authentication API". Mozilla. Section: Authentication. Archived from the original on 28 November 2020. Retrieved 18 March 2019.
[23] Brand, Christiaan; Czeskis, Alexei; Ehrensvärd, Jakob; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Powers, Adam; Verrept, Johan (eds.) (30 January 2019). "Client to Authenticator Protocol (CTAP)". FIDO Alliance. Archived from the original on 8 March 2019. Retrieved 7 March 2019.
[24] Simons, Alex (20 November 2018). "Secure password-less sign-in for your Microsoft account using a security key or Windows Hello". Microsoft. Retrieved 6 March 2019.
[25] "Android Now FIDO2 Certified, Accelerating Global Migration Beyond Passwords". Barcelona: FIDO Alliance. 25 February 2019. Archived from the original on 7 March 2019. Retrieved 6 March 2019.
[26] "Touch ID and Beyond: Duo's Plans for WebAuthn". Duo Security. 5 March 2019. Archived from the original on 21 March 2020. Retrieved 8 March 2019.
[27] Steele, Nick (27 February 2019). "How WebAuthn aims to solve the password problem". Help Net Security. Archived from the original on 28 September 2020. Retrieved 8 March 2019.
[28] "Web Authentication API". Mozilla. Section: Registration. Archived from the original on 28 November 2020. Retrieved 18 March 2019.
[29] "Attestation and Assertion - Web APIs". MDN Web Docs. 28 May 2025. Retrieved 20 September 2025.
[30] "Metadata Service". FIDO Alliance. Retrieved 18 March 2019.
[31] Protalinski, Emil (4 March 2019). "W3C Approves WebAuthn as the Web Standard for Password-Free Logins". Archived from the original on 4 March 2019. Retrieved 4 March 2019.
[32] "Can I use Web Authentication API?". Archived from the original on 19 February 2018. Retrieved 7 March 2019.
[33] Brand, Christiaan (3 June 2018). "Enabling Strong Authentication with WebAuthn". Google Developers. Archived from the original on 4 September 2018. Retrieved 25 June 2018.
[34] Shankland, Stephen (9 May 2018). "Firefox moves browsers into post-password future with WebAuthn tech". CNET. Archived from the original on 12 May 2018. Retrieved 11 May 2018.
[35] Sarkar; et al. (23 May 2018). "Announcing Windows 10 Insider Preview Build 17682". Microsoft. Archived from the original on 7 April 2019. Retrieved 25 June 2018.
[36] "Yubico Launches New Developer Program and Security Key for FIDO2 and WebAuthn W3C Specifications" (Press release). 10 April 2018. Archived from the original on 7 May 2018. Retrieved 11 May 2018.
[37] "Make Passwords a Thing of the Past, FIDO2 Is Now Available on Trezor Model T". 6 November 2019. Retrieved 6 November 2019.
[38] "eWBM: eWBM's Goldengate Fingerprint Reader is First to Get FIDO L2 Certification" (Press release). 8 April 2019. Archived from the original on 1 January 2020. Retrieved 15 June 2019.
[39] "Mobile ID World, Alex Perala: eWBM's Goldengate Fingerprint Reader is First to Get FIDO L2 Certification" (Press release). 9 April 2019. Archived from the original on 12 August 2020. Retrieved 15 June 2019.
[40] Girardeau, Brad (8 May 2018). "Introducing WebAuthn support for secure Dropbox sign in". Dropbox Tech Blog. Dropbox. Archived from the original on 12 May 2018. Retrieved 11 May 2018.
[41] "Safari 14 Release Notes". Apple Developer Documentation. 16 December 2022. Archived from the original on 14 May 2021. Retrieved 16 December 2022.
[42] Porter, Jon (2 November 2023). "Bitwarden begins adding passkey support to its password manager". The Verge. Archived from the original on 17 July 2025. Retrieved 12 August 2025.
[43] Pegoraro, Rob (30 July 2024). "These Are the Services Seeing the Biggest Uptick in Passkey Adoption". PC Magazine UK. Archived from the original on 8 November 2024. Retrieved 12 August 2025.
[44] "Web Authentication API". Mozilla. Archived from the original on 28 November 2020. Retrieved 16 March 2019.
[45] Ackermann, Yuriy (15 January 2019). "Introduction to WebAuthn API". Medium. Archived from the original on 29 March 2019. Retrieved 8 March 2019.
[46] "Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet)". Paragon Initiative Enterprises Blog. 23 August 2018. Archived from the original on 10 October 2018. Retrieved 9 October 2018.
[47] "FIDO ECDAA Algorithm". FIDO Alliance. 27 February 2018. Retrieved 9 October 2018.
[48] "Remove ECDAA? · Issue #1410 · w3c/webauthn". GitHub. 28 April 2020. Retrieved 3 June 2020.
[49] Hunt, Troy (5 May 2025). "Passkeys for Normal People". Troy Hunt. Archived from the original on 13 May 2025. Retrieved 13 August 2025.
[50] Davie, Bruce (17 November 2024). "Will passkeys ever replace passwords? Can they?". The Register. Archived from the original on 25 July 2025. Retrieved 13 August 2025.