Get started quickly with WebAuthn (Kickstart)

Pon muthu selvam
Mar 7, 2019

1. What is WebAuthn?

WebAuthn is a new web standard that aims to provide passwordless authentication that is more secure than conventional password-based authentication.

Did you know?

WebAuthn was officially approved by the World Wide Web Consortium (W3C) on March 4, 2019.

W3C’s mission is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe.

2. Who proposed WebAuthn?

The FIDO Alliance proposed WebAuthn (FIDO2).

Did you know?

The FIDO Alliance is an industry consortium formed by Nok Nok Labs, PayPal and Lenovo, and later backed by many other leading tech giants.

WebAuthn is the Web Authentication component of FIDO2.

3. How does WebAuthn work?

WebAuthn Registration

[Figure: WebAuthn registration flow. Image from fidoalliance.org]

WebAuthn Login

[Figure: WebAuthn login flow. Image from fidoalliance.org]
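
The registration and login flows above, simulated end to end in Node.js as an added example (not code from the original article or from the FIDO Alliance). The relying-party ID and origin `example.com`, the look-alike origin and the helper names `makeAuthenticator`, `verifyLogin` and `demo` are assumptions; attestation, CBOR parsing and signature-counter checks are left out.

```javascript
// Added example: WebAuthn-style registration and login, simulated in Node.js.
const nodeCrypto = require("node:crypto");

const RP_ID = "example.com";              // assumed relying-party ID
const RP_ORIGIN = "https://example.com";  // assumed relying-party origin
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Authenticator: the key pair is generated on the device; only publicKey is shared.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKey,
    // `origin` is filled in by the browser from the page actually being visited.
    sign(challenge, origin) {
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
      // rpIdHash (32 bytes) | flags (user present + verified) | signature counter
      const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05, 0, 0, 0, 1])]);
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      return { clientDataJSON, authenticatorData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
    },
  };
}

// Relying party: check what was signed, then check the signature itself.
function verifyLogin(storedPublicKey, expectedChallenge, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (client.origin !== RP_ORIGIN) return "origin mismatch";
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, storedPublicKey, assertion.signature) ? "ok" : "bad signature";
}

function demo() {
  const device = makeAuthenticator();            // registration: server stores device.publicKey
  const challenge = nodeCrypto.randomBytes(32);  // login: fresh random challenge per attempt
  return {
    genuine: verifyLogin(device.publicKey, challenge, device.sign(challenge, RP_ORIGIN)),
    // Constructed look-alike origin: the assertion is useless to the real site.
    phished: verifyLogin(device.publicKey, challenge, device.sign(challenge, "https://example.com.login.test")),
    // An assertion captured for an old challenge fails against a new one.
    replayed: verifyLogin(device.publicKey, nodeCrypto.randomBytes(32), device.sign(challenge, RP_ORIGIN)),
  };
}

console.log(demo());
```

The server only ever holds the public key, so a breach of its credential store yields nothing that can be replayed as a login.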

4. What is the need for WebAuthn?

Friction and security are the two major reasons.

Friction

Conventional password-based authentication adds friction to the user experience and is comparatively less secure than WebAuthn.

NEW BEHAVIORAL RESEARCH SHOWS OVER 70% OF CONSUMERS CHOOSE PASSWORDLESS MFA LOGIN OVER TRADITIONAL USERNAMES AND PASSWORDS

When Given a Choice, Multi-Factor Authentication Wins Out Among Study Participants

See this article from trusona.com: https://spotlink.page.link/sReo

Security

Users cannot create a new, unique, secure password for every website and remember all of them, because they have so many online accounts to manage. As a workaround, users create an insecure password or use a similar password on every site.

Quick bites about passwords

* Passwords are the root cause of over 80% of data breaches.

* Users have more than 90 online accounts.

* Up to 51% of passwords are reused.

* 1/3 of online purchases are abandoned due to forgotten passwords.

* The average help desk labour cost for a single password reset is $70.

Bites courtesy of fidoalliance.org

5. What are the benefits of WebAuthn?

1. For Organisations

  • Low Friction UX = More site visitors and more conversion.
  • Huge cost savings through avoidance of password resets, device provisioning and customer support.
  • Increase the productivity of your employees.
  • Mitigate data breach risks and damages.

2. For Users

  • No need to remember and type passwords.
  • Works with the same browsers that people use every day.
  • Keys stay on the device.
  • Biometrics, if used, never leave the device.

According to a recent Yubico study, users spend 10.9 hours per year entering and/or resetting passwords, which costs companies an average of $5.2 million annually. While traditional multi-factor authentication (MFA) solutions like SMS one-time codes add another layer of security, they are still vulnerable to phishing attacks, aren’t simple to use and suffer from low opt-in rates.

6. Which web browsers support WebAuthn and its specs?

Almost all major browsers already support WebAuthn.

It is already supported in Windows 10 and Android, and in the Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) web browsers. WebAuthn allows users to log into their internet accounts using their preferred device.
