Revolutionizing Web Authentication with WebAuthn and Passkeys
Web application features you may not know: WebAuthn & Passkeys
Especially with web applications, it is assumed that you have to authenticate yourself to a server. You expect that only you can see your data. And that’s not the only reason the server has to check your identity.
Classically, a username and password come to mind. Maybe also with a 2nd factor to secure the process. Also popular—because it’s particularly simple—is a Magic Link. Simply submitting your email address is sufficient. By receiving a temporary link you confirm your identity. Well, or that you can successfully intercept an email. 😉
Since many people neither use secure passwords nor 2-factor authentication, there is still a lot of uncertainty associated with this classic procedure. It would also be much more convenient if you could log in with your fingerprint or an eye scan. And there is a solution.
With WebAuthn, a standard was created that enables authentication using public-key cryptography. Your private key is usually stored on your device. The next login is just a fingerprint away. Without a password manager. Without 2nd factor. And yet safe.
Passkeys go one step further—but based on WebAuthn. The apparent future of passwordless authentication. But instead of simply storing the necessary key on the device, it is (usually) stored in the cloud by the relevant provider. No matter whether directly from Google, Apple or Microsoft. But password managers like 1Password or Dashlane can also manage passkeys.
- WebAuthn Guide : Uno
- Passkeys Demo : Corbado
- Passkeys : FIDO Alliance
- Passkeys : 1Password
- Passkeys : Dashlane
- Seven Misunderstandings About Passkeys : 1Password