WebAuthn
WebAuthn is a web standard that enables web applications to register and authenticate users using FIDO2 credentials or biometrics. It provides a common interface between browsers and authentication hardware or software.
# WHAT TEAMS RUN INTO
- Browser and platform support for WebAuthn is still incomplete. Legacy browsers and older devices don't support it, requiring fallback to weaker methods or excluding some users.
- WebAuthn works for web but not for native apps or APIs. Authentication flows that span web and mobile require different implementations or multiple authentication methods.
- WebAuthn credential recovery is not standardized. If a user loses all their WebAuthn credentials, the recovery path depends on what the application implemented, and some applications offer none.
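
The incomplete-support problem in the first item above, as an added example that is not part of the original page: a capability probe that decides whether a sign-in page can offer WebAuthn or has to fall back. The flow labels and the `env` parameter are assumptions of this example; the fallback method itself is whatever the application already supports.

```javascript
// Added example: capability probe for choosing a sign-in flow.
// The flow labels ("passkey", "security-key", "fallback") are hypothetical
// names for this example, not part of the WebAuthn API.

// Pure decision step: maps probed capabilities to a flow label.
function chooseFlow(caps) {
  // WebAuthn is only exposed in secure contexts (HTTPS or localhost).
  if (!caps.secureContext || !caps.api) return "fallback";
  return caps.platformAuthenticator ? "passkey" : "security-key";
}

// Run one static probe on PublicKeyCredential. A probe that is missing
// (older browser) or that rejects is treated as "not available".
async function probe(pkc, name) {
  try {
    return typeof pkc[name] === "function" ? (await pkc[name]()) === true : false;
  } catch {
    return false;
  }
}

// env defaults to the browser global; passing it in keeps this testable.
async function detectWebAuthn(env = globalThis) {
  const pkc = env.PublicKeyCredential;
  const caps = {
    secureContext: env.isSecureContext === true,
    api: typeof pkc === "function" &&
         typeof env.navigator?.credentials?.create === "function",
    platformAuthenticator: false, // built-in authenticator with user verification
    conditionalUI: false,         // autofill-style credential prompt
  };
  if (caps.secureContext && caps.api) {
    caps.platformAuthenticator =
      await probe(pkc, "isUserVerifyingPlatformAuthenticatorAvailable");
    caps.conditionalUI = await probe(pkc, "isConditionalMediationAvailable");
  }
  return { ...caps, flow: chooseFlow(caps) };
}
```

Logging the returned capabilities per sign-in attempt shows how many users actually land on the fallback path.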
# WHY IT MATTERS
WebAuthn is the plumbing that makes passwordless authentication possible on the web. It creates a common standard so users can use one FIDO2 credential across multiple sites instead of maintaining separate passwords or tokens for each. But WebAuthn only works if browsers, platforms, and applications implement it consistently. Incomplete adoption means WebAuthn becomes just another authentication option instead of the default.