by aborsy 922 days ago
This space is confusing. FIDO2, U2F, UAF, CTAP, WebAuthn, Passkey, 2FA, … The names frequently change.

Aren’t all of them just public key authentication (with the private key in a mini-HSM, and the public key either calculated in real time, or stored, in the HSM, and synced externally)?

4 comments

There are two names that the end user should see today (WebAuthn for older apps, Passkey for modern stuff). U2F is a pretty old name that may still pop up, but I'm not sure if any user-facing software ever used that name to begin with. Most likely, the names facing the user are "security key" or "passkey".

FIDO2 is a standard set up by a couple of authentication companies and stakeholders. U2F was basically an earlier attempt at that. FIDO UAF is a protocol for authenticating, CTAP is a protocol for communicating with hardware. 2FA is just a generic term for "multiple factors", like combining a PIN with your fingerprint. WebAuthn is the web API for authenticating with security keys.

Most of them do indeed come down to public key cryptography. The challenge is providing a public key API that works across hardware vendors, supports attestation, and allows for things like "use your phone to verify your login if your computer's TPM isn't sufficient". They all solve a different problem in the chain, and the names have changed a bit over the decades.

If you're building software now, use the word "passkeys". Apple and Google have stuck with those names, and they're named a lot friendlier than "WebAuthn".

There are a bunch of related but distinct technologies with names here. For example:

CTAP is a protocol for, say, a PC or a phone to talk to an authenticator, maybe over USB or maybe Bluetooth.

WebAuthn is a W3C standard for how a web site can negotiate (via JavaScript) exactly what we're going to authenticate and then perform the authentication.

Imagine you connect an external CD drive to your laptop. The CD can turn Red Book CD audio into PCM data, maybe the drive plugs in with a USB-C cable, and the drive uses a SCSI-based Mass Storage variant USB protocol to talk to the laptop, which has an XHCI USB controller, so your operating system needn't know the fine details of this precise PCI USB controller chip. Again, distinct technologies with their own names.

Passkeys are the opposite of "private key in a mini-HSM" in that they're synced to a cloud provider.

The goals of this whole thing have shifted, and it's hard to keep track of what was aiming at what goal. It started out as "actually secure 2FA" and now we're at "cloud-synced unphishable password replacements for non-technical users".

It depends if you use a hardware token or a password manager that supports Passkeys.

If it's the hardware token, then the "certificate" (which can either contain your username or not, aka discoverable vs. non-discoverable credentials) and the private key required for authentication will be stored in the secure element and cannot be extracted (until an exploit is found).

I’m not an expert in these protocols, but it’s the public key that is synced. There is no need for the private key to leave the device in “asymmetric authentication”.

Syncing the private key is like “symmetric authentication”, where the hashed password is sent to the website. That’s the old way of authentication.

"Passkeys" are backed up into Google/Apple/1Password cloud. You can grab a fresh laptop and download your synced passkeys into it, and log in from there.

That being possible means the private key material has to be backed up, as opposed to being permanently locked into an HSM like a YubiKey.

No, only the public key has to be synced for that to be possible :)

Think of ssh keys. Only your public key has to be transferred to the server for you to login.

Take laptop A. With it, use a passkey to log into a website. Sync the passkey with the FAANG of your choice. Destroy laptop A.

Take laptop B. Log in to your FAANG of choice, syncing passkeys locally. Use laptop B to log into the same website.

Your FAANG of choice saw much more than a public key, for that to be possible. That might have been encrypted by something like your password to the FAANG, but still, it's the opposite of a tamperproof HSM.

They are all just public key authentication with a protocol on top to enable various use cases. For FIDO2/WebAuthn/passkeys, the device, on registration, gives the website the public key to use for subsequent authentications.