The new WebAuthn protocol will allow users of a device –such as a computer or a smartphone– to authenticate on a website using a USB security key, a biometric solution, or his computer or smartphone’s password. The ideal scenario is that WebAuthn would replace the need to create password-protected accounts on online websites, hence avoid situations where hackers pilfer this data during security breaches.
Instead, the user would register on the site using a device (via an attestation key) and later authenticate via the same device or others using authentication keys generated by that device during login procedures.Read more …
Source : Zdnet