WebAuthn
Create simple, secure web experiences
WebAuthn allows for seamless verification through built-in device biometrics or secure hardware keys like YubiKey for secure passwordless web authentication.
Cut friction for your users
Integrating WebAuthn into your digital ecosystem significantly streamlines the user authentication process. Relying parties adopting WebAuthn can offer their users a frictionless web authentication experience using registered devices or secure hardware keys. This not only elevates user satisfaction but also fortifies the authentication flow against common security threats.
The unphishable authentication factor
WebAuthn employs public key cryptography to eliminate the vulnerabilities associated with password-based authentication. By generating a unique pair of keys (public key and private key) during the registration process, WebAuthn ensures that the user's private key never leaves their device, thereby offering a secure authentication assertion that is inherently resistant to phishing and replay attacks.
How it works
WebAuthn via Stytch’s web authentication API
Endorsed by the World Wide Web Consortium (W3C), WebAuthn (shorthand for web authentication) is designed to authenticate users with a greater level of security and convenience. The WebAuthn authentication flow involves two primary methods:
Method 1
Built-in device biometrics: Touch & FaceID
Through the Stytch WebAuthn API, you can easily authenticate users by verifying biometric data, such as fingerprints or facial recognition, directly from the user's device, utilizing the built-in platform authenticator for enhanced security. The WebAuthn client within the user agent (browser) securely registers a new credential with the relying party.
Method 2
Cross-platform hardware keys
WebAuthn also supports the use of cross-platform authenticators like YubiKey, enabling a consistent and secure authentication experience across various devices. This WebAuthn method is great for users who frequently switch devices or require an additional layer of security. Hardware keys ensure that the user's private key, stored on the key itself, pairs with a corresponding public key registered with the relying party, enhancing the security of the authentication process.
MFA & 2FA made easy
WebAuthn is a foundational element in two-factor and multi-factor authentication (MFA), providing a secure and flexible solution for implementing passwordless authentication. By streamlining the integration process, Stytch’s WebAuthn makes two-factor authentication simple and compatible with all FIDO2 certified authenticators.
Security
We take your security seriously
Stytch is dedicated to maintaining the highest security standards. All of our authentication solutions, including WebAuthn, are built to protect user data and privacy. We regularly complete third-party SOC2 Type II audits and offer HIPAA BAA agreements to companies operating in the healthcare industry. Stytch fully supports companies that require PCI compliance for their vendors. Our adherence to stringent security protocols, including regular SOC2 Type II audits and compliance with HIPAA and PCI standards, demonstrates our commitment to strong customer authentication in line with PSD2 requirements.
Stytch's WebAuthn solution enhances the security of user authentication and user credentials, ensuring that the public key infrastructure is robust and resilient against potential security threats.
For more information on Stytch's security and compliance practices, refer to the Security section of our Docs.
Our platform
Explore other authentication products
Pick the product that’s most suited to your app and user experience by choosing from a range of options.