WebAuthn uses public-key (asymmetric) cryptography instead of passwords or SMS texts for registration, authentication and 2FA.
- Protection against phishing: WebAuthn signatures change with the origin, so they won’t work on “similar” webpages (with a different domain name).
- Reduced impact of data breaches: it does not really matter if the public key is stolen.
- Invulnerable to password attacks: much harder to crack by “brute force” than passwords.
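
The origin binding in the first point can be seen in the checks a relying party runs on a login assertion. The following is an added example, not code from this page or from any WebAuthn library. The origin, RP ID, lookalike domain and helper names are assumptions, the sample data is constructed, and the public-key signature check itself is left to a crypto library: the function returns the bytes that signature must cover.

```python
import base64, hashlib, json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
RP_ID = "login.example.com"                    # assumed RP ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> bytes:
    """Run the origin-related checks on a login assertion and return the
    bytes the authenticator's signature must be verified over."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    if client.get("challenge") != b64url(challenge):
        raise ValueError("challenge mismatch")
    # The browser, not the page, records the origin it actually loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        raise ValueError("origin mismatch")
    # authenticatorData = SHA-256(RP ID) (32) | flags (1) | signCount (4) | ...
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    if not auth_data[32] & 0x01:
        raise ValueError("user presence flag not set")
    # Both origin-dependent values are inside the signed message.
    return auth_data + hashlib.sha256(client_data_json).digest()

def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator return."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + (1).to_bytes(4, "big")
    return client, auth

def demo() -> dict:
    challenge = b"\x01" * 32  # constructed; a real server issues fresh random bytes
    lookalike = "login.example.com.phish.test"  # constructed lookalike domain
    results = {}
    for origin, rp_id in [(EXPECTED_ORIGIN, RP_ID), ("https://" + lookalike, lookalike)]:
        try:
            check_assertion(*make_sample(origin, rp_id, challenge), challenge)
            results[origin] = "accepted"
        except ValueError as exc:
            results[origin] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

An assertion produced on the lookalike page carries that page's origin and RP ID hash inside the signed data, so it fails these checks when forwarded to the genuine site.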