Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Authentication

What is WebAuthn?

A web standard that enables passwordless authentication using hardware security keys, biometrics, or platform authenticators.

WebAuthn (Web Authentication) is a W3C standard that replaces passwords with cryptographic credentials.

How It Works

  • A public-private key pair is generated for each website
  • The private key stays on your device (never sent to the server)
  • Authentication uses a cryptographic challenge-response protocol
  • No shared secrets — nothing to phish, leak, or crack

What It Enables

  • Passkeys: Platform-based credentials synced across devices
  • Security keys: USB/NFC hardware authenticators (YubiKey)
  • Biometric auth: Face ID, Touch ID, Windows Hello

Privacy Benefits

  • Each credential is unique per website — no cross-site tracking
  • No passwords to be stolen in data breaches
  • Phishing-resistant by design (credentials are origin-bound)

Browser Support

Supported in all major browsers: Chrome, Firefox, Safari, Edge.

Related Terms

Hardware Security Key

A physical device used for authentication that provides the strongest form of two-factor authentication. Hardware keys are immune to phishing attacks because they cryptographically verify the legitimacy of the website before responding.

Passkey

A passwordless authentication method using public-key cryptography, typically stored on your device and protected by biometrics or device PIN. Passkeys are phishing-resistant and designed to replace passwords entirely.

Security Key

A physical hardware device used for two-factor authentication that provides phishing-resistant proof of identity. Security keys use cryptographic protocols (FIDO2/WebAuthn) that verify both the user and the website, preventing credential theft.

Two-Factor Authentication

A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.

Have more questions?

Use our guided flow to get the right next privacy step for WebAuthn.

Open Guided Flow