Establishing a Secure Portable Root of Trust with WebAuthn

WebAuthn enables websites, services, and applications to easily deploy strong authentication without dependence on weak passwords. With native support in all major platforms and browsers, WebAuthn offers users expanded choices for authenticating—including external authenticators (such as a hardware security key) or internal authenticators (such as a biometric reader built into a device).

While these authenticators offer the best available protection, an important consideration is how to establish a “root of trust.” This is the mechanism by which a user recovers an account or establishes their identity on a new device. With WebAuthn, users now have the ability to establish an external authenticator as a portable root of trust, offering benefits for establishing trust on new and replacement devices.

Read this third paper in the Yubico WebAuthn series to understand:

• Why WebAuthn matters
• The benefits of a hardware security key as a portable root of trust, including account recovery; high-risk or high-value transactions; and more
• How to create a portable root of trust with hardware security keys
• Best practices for using external authenticators