Platform
HYPR Identity Assurance Platform
Complete identity security solution that creates trust in the identity lifecycle

HYPR Authenticate: Passwordless MFA
Phishing-resistant FIDO passkeys-based security

HYPR Adapt: Risk Policy & Orchestration
Comprehensive identity risk engine and adaptive authentication

HYPR Affirm: Identity Verification
Identity proofing and verification built for the enterprise

Key Integrations

Entra ID (Azure)

Okta

Ping

CrowdStrike

Idemia

Yubico

SSH & Linux

ForgeRock

SiteMinder

Citrix

OneLogin

See All Integrations

HYPR Enterprise Passkeys
Integrate proven FIDO2 phishing-resistant passwordless authentication with your IAM environments
Solutions
Industry

Financial Services

Critical Infrastructure

Energy

Retail & Hospitality

Business Initiative

Modernize User Experience
Boost productivity, satisfaction and engagement for workforce and customers

AI Attack Prevention
Thwart generative AI attacks against your business

Workforce Identity Security & KYE
Improve workforce security & Know Your Employee

Deploy Passkeys
Find the right next-gen passkeys for your business

Accelerate Compliance
Meet regulatory requirements without disrupting user experience

Call Center Verification
Improve verification of employees and customers

Zero Trust Authentication
Stop credential-based attacks with a Zero Trust identity approach

The Total Economic Impact™ of HYPR
Forrester Consulting calculates that HYPR customers save millions of dollars, with a 324% ROI
Resources
Resource Center
Learn about IAM security, passkeys and passwordless authentication technology

Customer Stories

Reports and Guides

Passkey Resources

Videos

State of Passwordless Security

See All Resources

Additional Resources

Blog

Definitive Passwordless Guide

Security Encyclopedia

How HYPR Passwordless Works
How HYPR Authenticate passwordless MFA works

Support Center
Support help, setup guides, developer documentation and more

Documentation

API Reference

Knowledge Base

System Status

Get Support

User Guide
Company
About HYPR
HYPR creates trust in the identity lifecycle

Careers

News

Events

Security & Certifications

Contact Us

Partner Program

Become a Partner

State of Passwordless Security Report
The third annual edition investigates top attack vectors, the greatest security gaps, and the impact of passwordless authentication
Pricing
icon-search
Get a Demo

Encyclopedia Web Authentication (WebAuthn)

Web Authentication (WebAuthn)

Web Authentication (WebAuthn) is an open standard that establishes a uniform interface for passwordless authentication to web-based services using public-key cryptography (PKC). A core component of FIDO2, WebAuthn is a joint initiative of the World Wide Web Consortium (W3C) and the FIDO Alliance, a consortium that works to end our overreliance on passwords.

WebAuthn makes use of a website, called the Relying Party, a browser, called the WebAuthn Client, and a FIDO2-compatible authenticator. FIDO2-compatible authenticators can be FIDO U2F hardware tokens or software tokens (on a smartphone), or a Platform Authenticator such as the Android or Windows Hello operating systems.

A FIDO2 authentication flow is as follows: The website prompts the browser using JavaScript. The browser then communicates with the authenticator using a JavaScript API inside the browser. The user then takes the required action on the authenticator, such as entering a PIN or presenting a biometric. The website receives the signed authentication assertion from the browser, the digital signature on the assertion is verified using the user's trusted public key, and the user gains access.

FIDO2 Certification Badge:

FIDO2 certified

Example:

"TLS has brought us a long way in terms of foundational web security. Now, with WebAuthn, we're entering a whole new phase by making MFA widely available for websites that want to make accessing web services far more secure by more reliably tying the user and device with the activity."

FIDO2 Web Authentication Demo:

A B C D E F G H I K L M N O P Q R S T U V W Z

Popular Pages

Identity Verification Identity Assurance Rainbow Table Attack Keylogger

Share This Post

New call-to-action