What is an Authenticator?#
An authenticator is a cryptographically backed device responsible for creating and securely storing WebAuthn user credentials for an application. Here are its core functionalities:
- Creates public-private key pairs for WebAuthn / passkey authentication.
- Manages the private key and uses it to sign authentication requests.
- Comes in two main types: platform authenticator and roaming authenticator.
- Uses biometrics, PINs, or other methods for user authentication.
Key Takeaways#
- An authenticator is a device that manages private keys for user application credentials.
- Platform authenticators are device-specific like Apple's Touch ID / Face ID or Microsoft's Windows Hello.
- Roaming authenticators are external devices like hardware security keys (e.g. YubiKeys) used across various client devices.
Understanding Authenticators in Depth#
Authenticators, at their core, offer a shield of security to web and native applications, ensuring the right user accesses the right data. Let's break down the two types:
Platform Authenticators#
- Bound to Specific Devices: Each major tech company has its version: Apple's Touch ID and Face ID, Microsoft's Windows Hello, and Google's Android biometric features.
- Trusted Platform Module (TPM): A built-in cryptographic element, the TPM manages the public and private keys. The platform authenticator typically relies on the device's biometric capability, such as a face or fingerprint scanner, to authenticate the user. However, other methods like PINs in Windows Hello or lock-screen patterns on Android smartphones are also prevalent.
Roaming Authenticators#
- Portable and Versatile: These are external devices that can be used with different client devices, like laptops or smartphones. They connect over USB, NFC, or Bluetooth.
- Varieties: The most common form is the hardware security key, such as a YubiKey. Some include a fingerprint scanner, while others only require a button press.
Authenticator FAQs#
What is the primary function of an authenticator?#
An authenticator is a cryptographically supported device used for creating and securely storing user credentials for an application. Its primary function is to create public-private-key pairs, manage the private key and utilize it for signing authentication requests.
How do platform authenticators differ from roaming authenticators?#
Platform authenticators are device-specific, like Apple's Touch ID / Face ID, and are bound to a particular device. In contrast, roaming authenticators are external, portable devices, such as security keys, that can be used across different client devices.
Can roaming authenticators be used for sharing passkeys?#
Roaming authenticators should not be mistaken for passkey sharing capabilities like QR code scanning, Bluetooth, or AirDrop. They serve different purposes in the realm of user authentication.