> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Brief overview of how WebAuthn works as a factor for MFA

# WebAuthn as Multi-Factor Authentication

When users authenticate with WebAuthn, they use something **they have** as an authentication factor: a security key, or a device.

Both Security Keys and Device Biometrics support **user verification**, which requires users provide something **they know** (a PIN or a passcode) and something **they are** (like biometric traits).

When using Device Biometrics, user verification is always performed. To perform verification with Security Keys, you [need to configure Auth0](/docs/secure/multi-factor-authentication/fido-authentication-with-webauthn/configure-webauthn-security-keys-for-mfa) to require a PIN. Then users will be asked to enter a PIN, which is only stored in the security key, to complete authentication. Now when user verification is performed, users can login with WebAuthn as the only authentication method to achieve <Tooltip tip="Multi-factor authentication (MFA): User authentication process that uses a factor in addition to username and password such as a code via SMS." cta="View Glossary" href="/docs/glossary?term=multi-factor+authentication">multi-factor authentication</Tooltip>.

By using WebAuthn for authentication combined with user verification, you not only replace the password with something much simpler to use, you also remove the need of having another authentication step when requiring MFA.

## Webauthn.me

Auth0 maintains [webauthn.me](https://a0.to/webauthme-auth0-docs), which has [detailed information](https://webauthn.me/introduction) about WebAuthn and an up-to-date list of browsers supporting WebAuthn.