WebAuthn

Create simple yet secure web experiences

Use WebAuthn to allow desktop and mobile browsers to verify users with built-in device biometrics, as well as hardware keys like YubiKey.
Get startedTalk to an auth expert
Screenshot of verify your identity
Screenshot of mobile face ID
Fingerprint icon

Cut friction for your users

By integrating WebAuthn into your app, you can create a seamless experience to authenticate your users with a registered device or hardware key.
Face ID icon

The unphishable authentication factor

Based on public-key cryptography, WebAuthn’s use of hardware security modules or biometrics for passwordless authentication provides unparalleled security.

How it works

Meet WebAuthn, aka Web Authentication

WebAuthn allows web applications on supported browsers to authenticate users on mobile and desktop apps via two low-friction options:

Method 01

Built-in device biometrics: Touch & FaceID

Use our API to verify possession of your user’s original device and biometric proof in their facial ID or fingerprint. It’s secure, and super easy.
Explore the docs
Face ID illustration
Round face illustration
Fingerprint illustration

Method 02

Cross-platform hardware keys

Use our API to verify your users with specialized hardware keys (such as YubiKey) and let users move from one device to another — while retaining your auth method.
Explore the docs
Yubico
Screenshot of verify your identity screen

MFA & 2FA made easy

WebAuthn creates a secure and flexible interface for implementing passwordless multi-factor authentication across web-based services. By streamlining the integration process, Stytch’s WebAuthn makes two factor authentication simple and compatible with all FIDO2 certified authenticators.
Learn more about Stytch security
Yubikey face ID fingerprint illustration

Security

We take your security seriously

Stytch is certified to the highest industry standards — protecting you and your customers' privacy. We regularly complete third-party SOC2 Type II audits and offer HIPAA BAA agreements to companies operating in the healthcare industry. Stytch fully supports companies that require PCI compliance for their vendors. Additionally, utilizing the Stytch services can help you meet PSD2 and strong customer authentication requirements.
For. more information on Stytch's security and compliance practices, refer to the Security section of our Docs.
Learn more about Stytch security

Our platform

Explore other authentication products

Pick the product that’s most suited to your app and user experience by choosing from a range of options.