WebAuthn Standard

WebAuthn enables web applications to create and use strong, public key-based credentials to authenticate users. Credentials are bound to a specific domain or origin when created and can only be used on that same origin. Additionally, they remain tied to the device where they were generated. Most commonly, these credentials use biometrics, such as Face ID or Windows Hello.

Benefits of WebAuthn

Passwords are widely recognized as the weakest link on the internet. Common measures to reduce account takeover (ATO), such as two-factor authentication, create work for developers and friction for users. WebAuthn is a simple, single-step alternative that cannot be brute-forced or spoofed through phishing.
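
The origin binding described above is what defeats phishing: the browser records the origin it actually loaded, and the relying party rejects anything else. The following is an added example, not noauth.sh code, of the server-side origin, challenge and RP ID checks on a sign-in assertion. The origin, RP ID and sample inputs are constructed assumptions, and signature verification with the stored public key is a separate required step that is not shown.

```javascript
// Added example: relying-party checks that enforce WebAuthn origin binding.
const { createHash } = require('node:crypto');

// Assumed values for a hypothetical relying party.
const EXPECTED_ORIGIN = 'https://app.example.com';
const RP_ID = 'example.com';

const sha256 = (data) => createHash('sha256').update(data).digest();

// Returns null when the assertion is bound to our origin, else a reason string.
// The signature over authenticatorData and the clientDataJSON hash must be
// verified separately; that is what makes these fields trustworthy.
function checkOriginBinding(clientDataJSON, authenticatorData, expectedChallenge) {
  let clientData;
  try {
    clientData = JSON.parse(clientDataJSON.toString('utf8'));
  } catch {
    return 'clientDataJSON is not valid JSON';
  }
  if (clientData.type !== 'webauthn.get') return 'unexpected ceremony type';
  if (clientData.challenge !== expectedChallenge) return 'challenge mismatch';
  // The browser, not the page script, writes the origin it actually loaded.
  if (clientData.origin !== EXPECTED_ORIGIN) return 'origin mismatch';
  // authenticatorData layout: 32-byte rpIdHash, 1 flags byte, 4-byte signCount.
  if (authenticatorData.length < 37) return 'authenticatorData too short';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user presence flag not set';
  return null;
}

// Constructed sample inputs (not captured from a real authenticator).
function sampleAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // Flags 0x05 = user present + user verified; signCount = 1.
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  return { clientDataJSON, authenticatorData };
}

const challenge = 'Y29uc3RydWN0ZWQtY2hhbGxlbmdl'; // base64url, constructed
const genuine = sampleAssertion(EXPECTED_ORIGIN, RP_ID, challenge);
// Same ceremony as seen from a lookalike site: origin and RP ID both differ.
const lookalike = sampleAssertion('https://app.example.com.lookalike.test', 'lookalike.test', challenge);
```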

WebAuthn Challenges (and how we help!)

In practice, WebAuthn-based authentication can be complex, as the specification doesn't explain how to handle authentication across multiple devices. For example, you would normally use the same password to access a site from both your phone and your computer. With WebAuthn, you would need to register your phone's biometric device and your laptop's biometric device to sign in from either one.

This is where we step in. noauth.sh handles all the complexity of registering new devices to provide a seamless experience. We've considered many edge cases and security risks so you don't have to.

Currently, not all browsers implement WebAuthn in the same way. noauth.sh can automatically adapt to different user types without you having to do anything and can fall back to another passwordless authentication method if the browser doesn't support WebAuthn.