You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -91,9 +91,11 @@ We discourage SMS based MFA as it can be intercepted and unreliable at times. Ho
Throttling must be implemented. A basic example is blocking attempts for 15 to 60 minutes after the 5th consecutive failed attempt. The user should also be notified to change the password as well.
## Passkeys
## WebAuthn (passkeys)
Passkeys allow you to use in-device authentication methods, such as biometrics and pin-codes. See the [Passkeys](/passkeys) guide.
The [Web Authentication API (WebAuthn)](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API) allows applications to use user devices for authentication using public key cryptography. You can either verify the user's identity with the devices PIN code or biometrics, or just verify the device. Both works as a second factor and the latter can be more user-friendly as users aren't prompted for their password/fingerprint.
See the [passkeys](/passkeys) guide for implementations.
