# Authenticators

An Authenticator is a cryptographic entity used to generate a public key credential and registered by a Relying Party (i.e. an application). This public key is used to authenticate by potentially verifying a user in the form of an authentication assertion and other data.

Authenticators may have additional features such as PIN code or biometric sensors (fingerprint, facial recognition…) that offer user verification.

![USB device with fingerprint reader](https://content.gitbook.com/content/cFaLJyN5MTDvN1uJDvQW/blobs/14bTHLTwJ8A3TRt6DNjR/images.jpeg)

## Roaming Authenticators

The roaming authenticator may have different forms. The most common form is a USB device the user plugs into its computer. It can be a paired Bluetooth device or a card with NFC capabilities.

Authenticators of this class are removable from, and can "roam" among, client devices.

![Webauthn compatible devices](https://content.gitbook.com/content/cFaLJyN5MTDvN1uJDvQW/blobs/yEHnORYtpVwSGVyZLdyH/fido2.jpeg)

## Platform Authenticators

A platform authenticator is usually not removable from the client device. For example an Android smartphone or a Windows 10 computer with the associated security chips can act as an authenticator.

![Android screenshot](https://content.gitbook.com/content/cFaLJyN5MTDvN1uJDvQW/blobs/nFae7tig1vJd4Cxa9qXl/webauthn-android-fennec.png)

![Fingerprint reader on a laptop](https://content.gitbook.com/content/cFaLJyN5MTDvN1uJDvQW/blobs/Q1Le85RujykvTy09u0EY/master.jpg)

### Passkey

<figure><img src="https://content.gitbook.com/content/cFaLJyN5MTDvN1uJDvQW/blobs/CUIaOVlZQI4TWOLYWDvF/FIDO_Passkey_mark_A_black-e1702581853266.png" alt="" width="188"><figcaption><p>Passkey Logo</p></figcaption></figure>

Passkey are virtual authenticators that have extended capabilities and in particular:

* Synchronized and stored in an integrated password manager (e.g., iCloud Keychain, Google Password Manager).
* Simple and integrated use, no need for an external device.
* Seamless synchronization across different user devices.
* Backed up automatically through the associated cloud service, allowing easy recovery if a device is lost or replaced.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://webauthn-doc.spomky-labs.com/webauthn-in-a-nutshell/authenticators.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.