Guide to Web Authentication: A New Resource for WebAuthn Info
WebAuthn is a browser-based API that allows for web applications to create strong, public key-based credentials for the purpose of user authentication. The last few months have seen vendors and manufacturers step up to support WebAuthn in a big way. Apple has announced upcoming support for WebAuthn in Safari, meaning all major browser vendors will support the API. Chrome has added support for biometric authentication with Mac OS’s Touch ID in Chrome, backed by Apple’s Secure Enclave. And the W3C is formalizing the specification itself.
Given all this momentum to make WebAuthn successful, we want to be sure the developer community has the background and knowledge to begin using and implementing WebAuthn in their own websites. To that end, I have worked on a Guide to Web Authentication, which aims to provide a useful developer resource for engaging with WebAuthn to replace or supplement password-based authentication on your own websites.
The guide contains an introduction to the existing problems with passwords, and discusses how WebAuthn uses public key cryptography backed with secure hardware to solve these problems. It gives an overview of how registration and authentication work at a high level, using cryptographic signatures as proof of a user’s identity. It provides code samples for registering and authenticating with WebAuthn, alongside interactive documentation describing the purpose of each parameter.