WebAuthn

Create simple, secure web experiences

WebAuthn allows for seamless verification through built-in device biometrics or secure hardware keys like YubiKey for secure passwordless web authentication.
Screenshot of verify your identity
Screenshot of mobile face ID
Fingerprint icon

Cut friction for your users

Integrating WebAuthn into your digital ecosystem significantly streamlines the user authentication process. Relying parties adopting WebAuthn can offer their users a frictionless web authentication experience using registered devices or secure hardware keys. This not only elevates user satisfaction but also fortifies the authentication flow against common security threats.
Face ID icon

The unphishable authentication factor

WebAuthn employs public key cryptography to eliminate the vulnerabilities associated with password-based authentication. By generating a unique pair of keys (public key and private key) during the registration process, WebAuthn ensures that the user's private key never leaves their device, thereby offering a secure authentication assertion that is inherently resistant to phishing and replay attacks.

How it works

WebAuthn via Stytch’s web authentication API

Endorsed by the World Wide Web Consortium (W3C), WebAuthn (shorthand for web authentication) is designed to authenticate users with a greater level of security and convenience. The WebAuthn authentication flow involves two primary methods:

Method 1

Built-in device biometrics: Touch & FaceID

Through the Stytch WebAuthn API, you can easily authenticate users by verifying biometric data, such as fingerprints or facial recognition, directly from the user's device, utilizing the built-in platform authenticator for enhanced security. The WebAuthn client within the user agent (browser) securely registers a new credential with the relying party.
Face ID illustration
Round face illustration
Fingerprint illustration

Method 2

Cross-platform hardware keys

WebAuthn also supports the use of cross-platform authenticators like YubiKey, enabling a consistent and secure authentication experience across various devices. This WebAuthn method is great for users who frequently switch devices or require an additional layer of security. Hardware keys ensure that the user's private key, stored on the key itself, pairs with a corresponding public key registered with the relying party, enhancing the security of the authentication process.
Yubico
Screenshot of verify your identity screen

MFA & 2FA made easy

WebAuthn is a foundational element in two-factor and multi-factor authentication (MFA), providing a secure and flexible solution for implementing passwordless authentication. By streamlining the integration process, Stytch’s WebAuthn makes two-factor authentication simple and compatible with all FIDO2 certified authenticators.
Yubikey face ID fingerprint illustration

Security

We take your security seriously

Stytch is dedicated to maintaining the highest security standards. All of our authentication solutions, including WebAuthn, are built to protect user data and privacy. We regularly complete third-party SOC2 Type II audits and offer HIPAA BAA agreements to companies operating in the healthcare industry. Stytch fully supports companies that require PCI compliance for their vendors. Our adherence to stringent security protocols, including regular SOC2 Type II audits and compliance with HIPAA and PCI standards, demonstrates our commitment to strong customer authentication in line with PSD2 requirements.
Stytch's WebAuthn solution enhances the security of user authentication and user credentials, ensuring that the public key infrastructure is robust and resilient against potential security threats.
For more information on Stytch's security and compliance practices, refer to the Security section of our Docs.

Our platform

Explore other authentication products

Pick the product that’s most suited to your app and user experience by choosing from a range of options.