In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In previous blog posts we went through how WebAuthn can benefit your customer experience and strengthen your security posture, as well as some of the key components/terminology that make up this new technology. In this post, we will explore how the registration and authentication flows work, and thereby understand how Webauthn is both a secure and convenient authentication method. How does user registration work ? Webauthn Registration from Okta-Inc Step 1: User intiaties device setup on device. Submit username (without any password) to the web (relying party) server. Step 2: Relying party server generates a challenge key for registration (one time use).