The current use of username and password authentication creates heavy support load due to helpdesk calls, resulting in lost productivity and high IT costs. While two-factor and multi-factor authentication have been demonstrated to be effective in protecting users from account takeover, the lack of global web standards has hampered widespread adoption to date.
Web Authentication, or WebAuthn, is a new global standard introduced by the World Wide Web Consortium (W3C) and FIDO Alliance for secure authentication to web applications. WebAuthn defines a standard API that enables web applications to easily invoke strong authentication without a password via built-in support to all leading browsers and web platforms.
With WebAuthn, users and organizations now have more flexibility and can leverage strong authentication using a combination of an external authenticator, such as a security key, and an internal platform authenticator, such as a biometric touchpad or camera on a laptop to access their web service.