Go Passwordless with WebAuthn

The initial version of passport-fido2-webauthn has been released! This strategy expands the Passport ecosystem with a strategy capable of strongly authenticating a user in a fully passwordless manner.

The FIDO Alliance and the W3C have been pioneering secure authentication, working together for almost a decade to bring phishing-proof credentials to the web. This makes it possible to authenticate using security keys (such as a Yubikey) or the biometric sensor built into your laptop or phone. While this has greatly improved the security posture of enterprises, adoption has been lacking in consumer scenarios because it is too difficult when switching devices or recovering a lost device.

FIDO has articulated a vision for how to address these limitations. Passkeys, as they are called, are synchronized between all of a person’s devices and restored when a new device is set up. With Google, Microsoft, and Apple all supporting this initiative, browser and operating system support will soon be ubiquitous. We are finally approaching the moment where we can kill the password.

You can join the effort by adding WebAuthn support to your site or app. Get started by installing passport-fido2-webauthn:

npm install passport-fido2-webauthn

The documentation and example will help you get up and running. Additional information will be coming as this passwordless future comes true!