WebAuthn, short for Web Authentication, is a standard that helps websites offer safer sign-in methods. It lets a website ask your browser to use a trusted authenticator, such as your phone, laptop, fingerprint reader, face unlock system, or hardware security key. The result can be a passwordless sign-in or a stronger second step after a password.

The important idea behind WebAuthn is that the secret used to prove your identity does not need to be typed or shared with the website. Your device keeps a private cryptographic key, while the website stores a matching public key. When you log in, the website sends a challenge, and your authenticator signs the challenge. The website can verify the answer without ever seeing the private key.

That design makes WebAuthn useful against phishing. If a fake website tries to trick you, your browser and authenticator can limit the credential to the real website address. This is different from a password, which a person can accidentally type into almost any form that looks convincing.
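The challenge-signing flow and the site binding described in the two paragraphs above, as an added example that is not part of the original page: a simplified Node.js sketch of the checks a website's server runs on a sign-in response. The names `example.com`, `example-login.test`, `signAssertion`, `verifyAssertion` and `demo` are constructed for illustration, the authenticator and browser are simulated in-process, and a production server would also parse the stored COSE public key and track the signature counter.

```javascript
// Added example: simplified relying-party checks for a WebAuthn sign-in response.
const crypto = require('node:crypto');

const RP_ID = 'example.com';                    // constructed relying party ID
const EXPECTED_ORIGIN = 'https://example.com';  // constructed origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the private key stays with the authenticator, the site stores the public key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Simulated browser + authenticator: the browser, not the page, fills in the origin.
function signAssertion(challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = rpIdHash (32 bytes) | flags (0x05 = UP|UV) | signCount (4 bytes)
  const authenticatorData = Buffer.concat(
    [sha256(rpId), Buffer.from([0x05]), Buffer.from([0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: returns 'ok' or the name of the first failed check.
function verifyAssertion(assertion, expectedChallenge) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad-type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (clientData.origin !== EXPECTED_ORIGIN) return 'bad-origin';
  if (assertion.authenticatorData.length < 37) return 'bad-auth-data';
  const rpIdHash = assertion.authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(RP_ID))) return 'bad-rp-id';
  if ((assertion.authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(challenge, EXPECTED_ORIGIN, RP_ID);
  // Same key used on a different (constructed) origin: the response is still rejected.
  const lookalike = signAssertion(challenge, 'https://example-login.test', 'example-login.test');
  return {
    genuine: verifyAssertion(genuine, challenge),
    lookalike: verifyAssertion(lookalike, challenge),
    replayed: verifyAssertion(genuine, crypto.randomBytes(32)), // old response, new challenge
  };
}
console.log(demo());
```

Because the origin and the relying party ID hash are inside the signed data, editing either one after signing makes the signature check fail instead.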

WebAuthn is one of the technologies behind a passkey. A passkey is the user-facing sign-in method, while WebAuthn is part of the technical standard that makes it work across browsers, operating systems, and websites.

For normal users, WebAuthn is not something they usually configure by name. They experience it as "sign in with your device," "use a security key," or "create a passkey." For developers and site owners, WebAuthn matters because it gives a standard way to add strong authentication without inventing a custom login system.