!!! Overview
[{$pagename}] ([Client To Authenticator Protocol] Two) provides additional capabilities such as [Biometric Authentication] and resident [keys] which allows richer [device] interactions with existing [Web Authentication API] ([WebAuthN])


[{$pagename}] is the [API] for the [authenticator] within [WebAuthN] generally must meet and use the [CTAP2] [API] which is the API used for communication to the [Security Key] that provide the "gesture".


* [{$pagename}] supports “user verification”, such as [PIN] or [Biometric Authentication] locally on the [Hardware-secured key]. This enables using the [key] as both 1st and 2nd factor without need for a [server-side] [password].
* [{$pagename}] supports storing the [Private Key] along with some [metadata] on the [device], whereas [U2F] instead [encrypts] the [Private Key] and stores the [ciphertext] on the [server]. While the [encryption] approach allows for simpler hardware and an unlimited number of registrations, the local storage approach allows login without even having to type (or even have) a [username]. [{$pagename}] devices supports both.
* [{$pagename}] has an extensions [framework] in which an [authentication] vendor and server can cooperate to implement custom features without the [ComputerAssociateIDMLine] having to understand them.
* [{$pagename}] – [Web Authentication API] – is compatible with more existing [Trusted Platform Modules] ([TPMs]) and such hardware. For [example], it’s theoretically possible that some [Android] phones could receive software upgrades that turn their [fingerprint] sensors into [WebAuthN] [authenticators].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]