Alex's Notes

CS253 Lecture Summaries: Part XIV: WebAuthn

Password recap:

Use bcrypt to hash stored passwords. Passwords are terribly phishable.

Authentication factors: something you know, something you have, something you are.

The lecture urges us to stop thinking about factors, and WebAuthn is supposed to help with that.

What is WebAuthn? A browser API for many authentication factors.

It has two main methods:

navigator.credentials.create(...)

navigator.credentials.get(...)

They have very complicated arguments!

Essentially there are two operations: I have a physical authentication key that I want to tell the site about (create), or I want to use that credential with a site (get).
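To make the "very complicated arguments" concrete, here is an added example (not from the lecture) of the option objects passed to the two calls. The relying-party values, user fields and function names are assumptions; the challenge and stored credential IDs are expected to come from the server.

```javascript
// Added example: option objects for the two WebAuthn calls.
// RP_ID, RP_NAME and the user fields are constructed sample values.
const RP_ID = "example.com";
const RP_NAME = "Example Site";

// Arguments for navigator.credentials.create(): register a new authenticator.
// `challenge` must be random bytes issued by the server for this request.
function buildCreateOptions(challenge, user) {
  return {
    publicKey: {
      challenge,
      rp: { id: RP_ID, name: RP_NAME },
      user: {
        id: new TextEncoder().encode(user.id), // opaque handle, not the username
        name: user.name,
        displayName: user.displayName,
      },
      // COSE algorithm identifiers: -7 = ES256, -257 = RS256.
      pubKeyCredParams: [
        { type: "public-key", alg: -7 },
        { type: "public-key", alg: -257 },
      ],
      authenticatorSelection: { userVerification: "preferred" },
      attestation: "none",
      timeout: 60000,
    },
  };
}

// Arguments for navigator.credentials.get(): sign in with a registered credential.
// `credentialIds` are the raw IDs (Uint8Array) the server stored at registration.
function buildGetOptions(challenge, credentialIds) {
  return {
    publicKey: {
      challenge,
      rpId: RP_ID, // the browser rejects an rpId that is not the page's domain or a parent of it
      allowCredentials: credentialIds.map((id) => ({ type: "public-key", id })),
      userVerification: "preferred",
      timeout: 60000,
    },
  };
}

// Browser-only wrappers; the results go back to the server for verification.
async function register(challenge, user) {
  return navigator.credentials.create(buildCreateOptions(challenge, user));
}
async function authenticate(challenge, credentialIds) {
  return navigator.credentials.get(buildGetOptions(challenge, credentialIds));
}
```

The rpId binding is what addresses the phishability noted in the password recap: a credential registered for one domain cannot be requested by a page on a different domain.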

You can test out WebAuthn on this site

There is also a demo at https://webauthn.io