Skip to content
Longterm Wiki
Back

Web Authentication: An API for accessing Public Key Credentials - Level 2

web
w3.org·w3.org/TR/webauthn-2/

This is a W3C technical web standard for authentication, tangentially relevant to AI safety only in the context of securing AI systems or mitigating social engineering; the original tags (social-engineering, voice-cloning, deepfakes) suggest it was miscategorized in this knowledge base.

Metadata

Importance: 18/100standardreference

Summary

The W3C WebAuthn Level 2 specification defines a browser API for strong, phishing-resistant authentication using public key cryptography and hardware security keys or biometrics. It enables websites to replace or supplement passwords with cryptographic credentials bound to authenticator devices. This standard is a core component of the FIDO2 framework for passwordless and multi-factor authentication.

Key Points

  • Defines a JavaScript API allowing web applications to create and verify public key credentials stored on hardware authenticators or platform biometrics
  • Provides phishing resistance by binding credentials cryptographically to specific origins, preventing credential reuse across sites
  • Supports multiple authenticator types including roaming keys (USB/NFC/BLE) and platform authenticators (fingerprint/face recognition)
  • Reduces reliance on passwords, mitigating risks from phishing, credential stuffing, and social engineering attacks
  • Level 2 extends Level 1 with improved features like resident keys, user verification enhancements, and broader authenticator support

Cited by 1 page

PageTypeQuality
AI-Powered FraudRisk69.0

Cached Content Preview

HTTP 200Fetched Mar 20, 20264 KB
This version:
[https://www.w3.org/TR/2021/REC-webauthn-2-20210408/](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/)Latest published version:
[https://www.w3.org/TR/webauthn-2/](https://www.w3.org/TR/webauthn-2/)Editor's Draft:
[https://w3c.github.io/webauthn/](https://w3c.github.io/webauthn/)Previous Versions:
[https://www.w3.org/TR/2021/PR-webauthn-2-20210225/](https://www.w3.org/TR/2021/PR-webauthn-2-20210225/)[https://www.w3.org/TR/2020/CR-webauthn-2-20201222/](https://www.w3.org/TR/2020/CR-webauthn-2-20201222/)[https://www.w3.org/TR/2020/WD-webauthn-2-20201216/](https://www.w3.org/TR/2020/WD-webauthn-2-20201216/)[https://www.w3.org/TR/2020/WD-webauthn-2-20201116/](https://www.w3.org/TR/2020/WD-webauthn-2-20201116/)[https://www.w3.org/TR/2020/WD-webauthn-2-20200730/](https://www.w3.org/TR/2020/WD-webauthn-2-20200730/)[https://www.w3.org/TR/2019/WD-webauthn-2-20191126/](https://www.w3.org/TR/2019/WD-webauthn-2-20191126/)[https://www.w3.org/TR/2019/WD-webauthn-2-20190604/](https://www.w3.org/TR/2019/WD-webauthn-2-20190604/)[https://www.w3.org/TR/2019/REC-webauthn-1-20190304/](https://www.w3.org/TR/2019/REC-webauthn-1-20190304/)Implementation Report:
[https://www.w3.org/2020/12/webauthn-report.html](https://www.w3.org/2020/12/webauthn-report.html)Issue Tracking:
[GitHub](https://github.com/w3c/webauthn/issues)Editors:
[Jeff Hodges](mailto:jdhodges@google.com) (Google)
[J.C. Jones](mailto:jc@mozilla.com) (Mozilla)
[Michael B. Jones](mailto:mbj@microsoft.com) (Microsoft)
[Akshay Kumar](mailto:akshayku@microsoft.com) (Microsoft)
[Emil Lundberg](mailto:emil@yubico.com) (Yubico)
Former Editors:
[Dirk Balfanz](mailto:balfanz@google.com) (Google)
[Vijay Bharadwaj](mailto:vijay.bharadwaj@microsoft.com) (Microsoft)
[Arnar Birgisson](mailto:arnarb@google.com) (Google)
[Alexei Czeskis](mailto:aczeskis@google.com) (Google)
[Hubert Le Van Gong](mailto:hlevangong@paypal.com) (PayPal)
[Angelo Liao](mailto:huliao@microsoft.com) (Microsoft)
[Rolf Lindemann](mailto:rolf@noknok.com) (Nok Nok Labs)
Contributors:
[John Bradley](mailto:WebAuthn@ve7jtb.com) (Yubico)
[Christiaan Brand](mailto:cbrand@google.com) (Google)
[Adam Langley](mailto:agl@google.com) (Google)
[Giridhar Mandyam](mailto:mandyam@qti.qualcomm.com) (Qualcomm)
[Nina Satragno](mailto:nsatragno@google.com) (Google)
[Nick Steele](mailto:nick.steele@gemini.com) (Gemini)
[Jiewen Tan](mailto:jiewen_tan@apple.com) (Apple)
[Shane Weeden](mailto:sweeden@au1.ibm.com) (IBM)
[Mike West](mailto:mkwst@google.com) (Google)
[Jeffrey Yasskin](mailto:jyasskin@google.com) (Google)
Tests:
[web-platform-tests webauthn/](https://github.com/web-platform-tests/wpt/tree/master/webauthn) ( [ongoing work](https://github.com/web-platform-tests/wpt/labels/webauthn))


Please check the [**errata**](https://www.w3.org/2021/04/webauthn-2-errata.html) for any errors or issues reported since publication.

[Copyright](https://www.w3.org/Consortium/Legal/ipr-notice#Copyright) © 2021 [W3C](https://www.w3.org/) ® ( [MIT](https://www.c

... (truncated, 4 KB total)
Resource ID: ef2c27817118d105 | Stable ID: YmZiNzgxNG