# Authenticators

An Authenticator is a cryptographic entity used to generate a public key credential and registered by a Relying Party (i.e. an application). This public key is used to authenticate by potentially verifying a user in the form of an authentication assertion and other data.

Authenticators may have additional features such as PIN code or biometric sensors (fingerprint, facial recognition…) that offer user verification.

![USB device with fingerprint reader](https://1263713486-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LVNwBmzKc-PDhuJq1DT-2165007240%2Fuploads%2Fgit-blob-10ad08d64797b78eb690319c37c7e7b0f179b01c%2Fimages.jpeg?alt=media)

## Roaming Authenticators

The roaming authenticator may have different forms. The most common form is a USB device the user plugs into its computer. It can be a paired Bluetooth device or a card with NFC capabilities.

Authenticators of this class are removable from, and can "roam" among, client devices.

![Webauthn compatible devices](https://1263713486-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LVNwBmzKc-PDhuJq1DT-2165007240%2Fuploads%2Fgit-blob-64b2450087e4895df6ae36805cb5bc8f992c9f00%2Ffido2.jpeg?alt=media)

## Platform Authenticators

A platform authenticator is usually not removable from the client device. For example an Android smartphone or a Windows 10 computer with the associated security chips can act as an authenticator.

![Android screenshot](https://1263713486-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LVNwBmzKc-PDhuJq1DT-2165007240%2Fuploads%2Fgit-blob-8645abbb67d65bc7798066f3c5b2ff26b1fb7f5d%2Fwebauthn-android-fennec.png?alt=media)

![Fingerprint reader on a laptop](https://1263713486-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LVNwBmzKc-PDhuJq1DT-2165007240%2Fuploads%2Fgit-blob-fef008e7196412521b6885977aa0ac6d1cd7cdb8%2Fmaster.jpg?alt=media)