Skip navigation

WebAuthn: Biometrics and Security Keys

Leave the passcode behind with WebAuthn using biometric sensors and security keys.


WebAuthn (Web Authentication API) is an open standard that allows third parties like Duo to tap into built-in biometric authenticators on laptops and smartphones. This means users can securely log into their accounts with the built-in TouchID fingerprint reader on MacOS laptops.

Created by the FIDO (Fast IDentity Online) Alliance and W3C, the WebAuthn is a specification that enables strong, public key cryptography registration and authentication. With WebAuthn, organizations can offer their users the most convenient authentication method available (their own fingerprint). It also guarantees user presence at the point of authentication and helps organizations future proof their investments in modern secure endpoints.

All that's needed to enable Webauthn is a supported web browser, operating system and a strong, built-in biometric authenticator like TouchID to enable a secure, phishproof two-factor authentication method. For devices that don’t contain a built-in biometric sensor, USB-based FIDO security keys such as the YubiKey by Yubico can bridge the gap.

An image of webauthn

Other Multi-Factor Authentication Methods

There’s a solution for every situation.

Duo Push

Duo Push is our most commonly-used authentication method, thanks to its simplicity and reliability. Users just download the Duo Mobile app and are automatically prompted to confirm each login attempt — all it takes is a single tap.

Tokens and Passcodes

Duo allows users to confirm their identity using a secure passcode generated by a physical token, a mobile device, or a network administrator.

Cover of Cover of Duo's

Passwordless: The Future of Authentication

Get the Free Guide