Using Web Authentication (WebAuthn)
The WebAuthn protocol aims to improve the security and usability of authenticating users over the internet. For that, it provides additional capabilities for server and security devices to communicate with each other – using the browser as an intermediary – to authenticate users using a cryptography protocol.
WebAuthn is based on asymmetric keys – a private-public key pair – to securely register users' devices and authenticate them in a system. There is no shared key between devices and the server, only a public key. By acting as an intermediary between security devices and the server, WebAuthn makes it possible to use these devices for 2FA, MFA using biometrics, or to seamlessly authenticate users without any explicit credentials other than their security devices: a concept also known as username-less and password-less authentication.
When used for 2FA, WebAuthn is a more secure method than OTP because there...