Technical Report on a Virtual CTAP2 WebAuthn Authenticator

Abstract: Even though passwordless authentication to online accounts offers greater security and protection from attack, passwords remain prevalent. Passwordless authentication adoption is impacted by the slow adoption of external hardware keys required to generate the security keys within the authentication protocol. We have developed a virtual WebAuthn authenticator in order to provide an extensible open source platform for understanding the associated standards of WebAuthn and CTAP2. Our authenticator provides secure software authentication for devices that do not have access to a physical hardware interface. Our authenticator also provides an alternative to an external physical hardware key and supports the use of a trusted platform module (TPM) on a device to generate the security keys within a WebAuthn protocol.