Editing Authenticator (section)

====FIDO2====
[[File:Bitwarden Passkey window screenshot.png|thumb|upright=1.2|Example of WebAuthn ([[Pixiv]] with [[Bitwarden]])]]
The FIDO U2F protocol standard became the starting point for the [[FIDO2 Project]], a joint effort between the World Wide Web Consortium (W3C) and the FIDO Alliance. Project deliverables include the W3C Web Authentication ([[WebAuthn]]) standard and the FIDO [[Client to Authenticator Protocol]] (CTAP).<ref name="FIDO-FIDO2">{{cite web |title=FIDO2: Moving the World Beyond Passwords |url=https://fidoalliance.org/fido2/ |publisher=FIDO Alliance |access-date=30 January 2019}}</ref> Together WebAuthn and CTAP provide a strong authentication solution for the web.

A FIDO2 authenticator, also called a WebAuthn authenticator, uses public-key cryptography to interoperate with a WebAuthn client, that is, a conforming web [[user agent]] that implements the WebAuthn [[JavaScript]] API.<ref name="W3C-WebAuthn">{{cite web |editor1-last=Balfanz |editor1-first=Dirk |editor2-last=Czeskis |editor2-first=Alexei |editor3-last=Hodges |editor3-first=Jeff |editor4-last=Jones |editor4-first=J.C. |editor5-last=Jones |editor5-first=Michael B. |editor6-last=Kumar |editor6-first=Akshay |editor7-last=Liao |editor7-first=Angelo |editor8-last=Lindemann |editor8-first=Rolf |editor9-last=Lundberg |editor9-first=Emil |title=Web Authentication: An API for accessing Public Key Credentials Level&nbsp;1 |url=https://www.w3.org/TR/webauthn/ |publisher=World Wide Web Consortium (W3C) |access-date=30 January 2019}}</ref> The authenticator may be a platform authenticator, a roaming authenticator, or some combination of the two. For example, a FIDO2 authenticator that implements the CTAP2 protocol<ref name="FIDO-CTAP" /> is a roaming authenticator that communicates with a WebAuthn client via one or more of the following transport options: [[USB]], [[near-field communication]] (NFC), or [[Bluetooth Low Energy]] (BLE). Concrete examples of FIDO2 platform authenticators include Windows Hello<ref>{{cite web |last1=Simons |first1=Alex |title=Secure password-less sign-in for your Microsoft account using a security key or Windows Hello |url=https://www.microsoft.com/en-us/microsoft-365/blog/2018/11/20/sign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key/ |publisher=[[Microsoft]] |access-date=6 March 2019 |date=November 20, 2018}}</ref> and the [[Android operating system]].<ref>{{cite web |title=Android Now FIDO2 Certified, Accelerating Global Migration Beyond Passwords |url=https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/ |publisher=[[FIDO Alliance]] |access-date=6 March 2019 |location=BARCELONA |date=February 25, 2019}}</ref>

A FIDO2 authenticator may be used in either single-factor mode or multi-factor mode. In single-factor mode, the authenticator is activated by a simple test of user presence (e.g., a button push). In multi-factor mode, the authenticator (''something that one has'') is activated by either a [[Personal identification number|PIN]] (''something that one knows'') or a [[Biometrics|biometric]] ("something that is unique to oneself").