LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the key advantages and disadvantages of WebAuthn compared with passwords?

Advantages: phishing-resistant, no shared secret to steal, great login experience. Disadvantages: hardware dependency and portability/integration challenges.

Weighing it up against passwords and cookies:

Advantages

  • Security — no shared secret transmitted or stored; the private key never leaves the device; origin-binding makes it phishing-resistant; a server breach leaks only public keys.
  • Login experience — unlock with a quick PIN/biometric; no password to remember or type.

Disadvantages

  • Portability — a platform credential is tied to one device; losing the device (without a backup/passkey sync or a second authenticator) can lock you out.
  • Integration — requires compatible hardware (TPM/security key) and software support; historically uneven across browsers/OSes (using the Windows TPM typically requires Edge).

Tip: "Account recovery" is WebAuthn's thorniest real-world problem — register a second authenticator (e.g. a backup security key) or use synced passkeys so you're not locked out if one device is lost.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 05, 2026