# Authenticators

An Authenticator is a cryptographic entity used to generate a public key credential and registered by a Relying Party (i.e. an application). This public key is used to authenticate by potentially verifying a user in the form of an authentication assertion and other data.

Authenticators may have additional features such as PIN code or biometric sensors (fingerprint, facial recognition…) that offer user verification.

![USB device with fingerprint reader](https://1550827578-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNfTLafqJ3c6pdqbPYs5d%2Fuploads%2F6m7G2kzTZchPURJ3cbZO%2Fimages.jpeg?alt=media)

## Roaming Authenticators

The roaming authenticator may have different forms. The most common form is a USB device the user plugs into its computer. It can be a paired Bluetooth device or a card with NFC capabilities.

Authenticators of this class are removable from, and can "roam" among, client devices.

![Webauthn compatible devices](https://1550827578-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNfTLafqJ3c6pdqbPYs5d%2Fuploads%2FOzuWchQceLm3VZ5F9U1B%2Ffido2.jpeg?alt=media)

## Platform Authenticators

A platform authenticator is usually not removable from the client device. For example an Android smartphone or a Windows 10 computer with the associated security chips can act as an authenticator.

![Android screenshot](https://1550827578-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNfTLafqJ3c6pdqbPYs5d%2Fuploads%2FMSByjQ9Ex3Z6KV1U97cy%2Fwebauthn-android-fennec.png?alt=media)

![Fingerprint reader on a laptop](https://1550827578-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNfTLafqJ3c6pdqbPYs5d%2Fuploads%2FH955j6iebWkfedda18Ip%2Fmaster.jpg?alt=media)