Skip to main content
DI

FIDO2 and WebAuthn: Passwordless Authentication

David Turner

intermediateAuthenticationBiometrics

FIDO2 and WebAuthn: Passwordless Authentication

A developer guide to modern authentication

by David Turner, Christiaan Brand

4.2/5
FIDO Alliance
2023
180 pages

Summary

A comprehensive developer guide to implementing FIDO2 and WebAuthn passwordless authentication. Covers the FIDO2 protocol, WebAuthn API, platform authenticators, roaming authenticators, passkeys, and practical implementation patterns.

Why Read This Book

Passwordless authentication with passkeys is rapidly becoming the standard for consumer and enterprise applications. This guide provides the technical foundation needed to implement it correctly.

Key Takeaways

  • FIDO2 architecture and protocol flow
  • WebAuthn API implementation for web applications
  • Platform vs roaming authenticator considerations
  • Passkeys and cross-device authentication
  • Migration strategies from password-based to passwordless authentication

Who Should Read This

Developers implementing passwordless authentication with FIDO2 and WebAuthn in their applications.

Frontend DevelopersSecurity EngineersProduct Managers

Frequently Asked Questions

What is "FIDO2 and WebAuthn: Passwordless Authentication" about?

A comprehensive developer guide to implementing FIDO2 and WebAuthn passwordless authentication. Covers the FIDO2 protocol, WebAuthn API, platform authenticators, roaming authenticators, passkeys, and practical implementation patterns.

Who should read "FIDO2 and WebAuthn: Passwordless Authentication"?

Developers implementing passwordless authentication with FIDO2 and WebAuthn in their applications.

What are the key takeaways from "FIDO2 and WebAuthn: Passwordless Authentication"?

Key takeaways include: FIDO2 architecture and protocol flow; WebAuthn API implementation for web applications; Platform vs roaming authenticator considerations.

Related Books

Browse all

Solving Identity Management in Modern Applications

Yvonne Wilson

Solving Identity Management in Modern Applications

Yvonne Wilson, Abhishek Hingnikar

4.6

This book provides a practical guide to identity management for modern applications. It covers the fundamentals of authentication, authorization, OAuth 2.0, OpenID Connect, and SAML 2.0, explaining when and how to use each. The second edition includes updated coverage of passwordless authentication, passkeys, and decentralized identity.

intermediateIAMAuthentication

NIST SP 800-63 Digital Identity Guidelines

Paul Grassi

NIST SP 800-63 Digital Identity Guidelines

Paul Grassi, James Fenton, Elaine Newton, Ray Perlner, Andrew Regenscheid

4.7

The NIST SP 800-63 Digital Identity Guidelines provide technical requirements for federal agencies implementing digital identity services. Revision 4 covers identity proofing (800-63A), authentication and lifecycle management (800-63B), and federation and assertions (800-63C). It defines Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL).

referenceComplianceIAM

Authentication and Access Control

Jason Andress

Authentication and Access Control

Jason Andress

4

A practical guide to authentication mechanisms and access control models. It covers password-based authentication, multi-factor authentication, biometrics, access control models (MAC, DAC, RBAC, ABAC), and the cryptographic foundations that support them.

intermediateAuthenticationAuthorization