Overview

In April 2018, the World Wide Web Consortium (W3C) advanced the Web Authentication (WebAuthn) standard to the Candidate Recommendation stage.

This standard defines an application programming interface (API) that can be incorporated into browsers to facilitate public key cryptography-based authentication on laptop and desktop devices. Developed in conjunction with the FIDO Alliance, WebAuthn is a core component of the FIDO2 Project.

Notably, this API offers organizations a framework that can completely obviate passwords in customer authentication, although a number of factors, including customer expectations and hardware limitations, render it unlikely that any organization will eliminate passwords in the near future. Under WebAuthn, the site authenticating the user is able to directly interface with the authenticator, with passwords never making an appearance in the process.

Book a Meeting with the Author

Related content

July 29, 2025
Deepfake Accountability: Overcoming Hurdles to Effective Legislation

Deepfakes are not new to the financial services industry, nor are they a new threat to consumers. But artificial intelligence has contributed to the rapid increase in deepfake-rela...

June 17, 2025
Account Takeover: Static Authentication Enables Access Without Confirmation

Account takeover (ATO) is surging, and the problem is getting dimensionally worse. Banks that rely on outdated, one-time authentication and static identity verification strategies ...

May 15, 2025
Fraud in the Age of Agentic Commerce

Agentic commerce is coming, and so are the fraud opportunities. Consumers, agent services, and merchants must all be prepared for an onslaught of fraud and scams, with cybercrimina...

Make informed decisions in a digital financial world

Let's Connect