What is WebAuthn?

The Web Authentication API (WebAuthn) is an authentication specification that lets websites authenticate users with built-in platform authenticators such as Apple Touch ID and Windows Hello, or with roaming security keys such as a YubiKey.


It uses public-key cryptography instead of passwords. When the user registers, a public-private key pair is generated for the account. The private key is stored securely on the user's device, while the public key is sent to the server. To authenticate the user later, the server asks the user's device to sign a challenge with the private key and verifies that signature with the stored public key.

Registration with WebAuthn

During registration, a website usually asks the user to choose a username and password. With WebAuthn, the website instead has a public-private key pair generated on the user's device: the public key is sent to the server, and the private key is stored securely on the device and never leaves it.


WebAuthn Registration Flow

Logging in with WebAuthn

During login, a website usually checks whether the user provided the right username and password. With WebAuthn, the website instead sends a challenge and checks whether the browser can produce a valid signature over that challenge using the private key stored on the user's device.

