What is WebAuthn?
Turkish: WebAuthn
WebAuthn is a web standard that lets browsers use security keys and passkeys for strong, passwordless authentication.
What is WebAuthn?
WebAuthn (Web Authentication) is the web standard that lets browsers work with platform authenticators, hardware security keys, and passkey credentials. It is the main browser API in the FIDO2 ecosystem.
During registration, the application gives the browser a challenge and user information. The authenticator creates a new key pair; the public key is stored on the server, and the private key stays on the device. During sign-in, the server sends a new challenge, the device signs it, and the server verifies the signature with the stored public key.
Components
A WebAuthn flow involves the relying party, which is the website performing sign-in; the client, which is the browser; and the authenticator, which may be a secure area on the device or an external security key. External authenticators can connect over USB, NFC, or Bluetooth.
WebAuthn can be used as a second factor in 2FA and MFA flows, or as the foundation for fully passwordless login. In real applications, domain matching, user verification requirements, backup devices, and account recovery design affect both security and usability.
Related Terms
2FA adds a second proof, such as an authenticator app, SMS code, or security key, on top of a password during sign-in.
Biometric AuthenticationBiometric authentication uses device biometrics such as face or fingerprint checks for login and sensitive approvals.
MFA (Multi-Factor Authentication)MFA protects sign-ins by requiring extra factors such as an authenticator app, device prompt, biometrics, or a security key.
PasskeyA passkey is a phishing-resistant sign-in method that uses a device-held private key plus biometric or PIN approval instead of passwords.