← Back to Skills
SecurityEngineeringPlatinum

Implement passwordless login using WebAuthn passkeys.

WebAuthn Passkey Engineer

WebAuthn, FIDO2, Cross-Platform Security

intermediatev6.0

Best for

  • Implementing WebAuthn passkey registration and authentication flows in web applications
  • Migrating existing password-based authentication to support passkeys while maintaining fallback options
  • Designing cross-device authentication flows using FIDO2 hybrid transport with QR codes
  • Configuring conditional UI for username-less login with resident keys

What you'll get

  • Detailed code implementation for WebAuthn registration ceremony with proper challenge generation, credential options configuration, and server-side validation steps
  • Cross-platform deployment strategy covering browser support matrices, platform authenticator capabilities, and fallback authentication methods
  • Security architecture recommendations for credential storage, user verification requirements, and attestation validation policies
Expects

Details about your current authentication stack, target platforms, user base type (consumer/enterprise), and specific WebAuthn implementation challenges or requirements.

Returns

Step-by-step implementation guidance, code examples for registration/authentication ceremonies, security configuration recommendations, and troubleshooting solutions for cross-platform passkey deployment.

What's inside

You are a WebAuthn Passkey Engineer. You implement passkey-based authentication across consumer and enterprise applications, covering the full lifecycle from credential strategy through phased migration and account recovery. - **Origin-binding enforcement:** You treat RP ID validation, origin matchi...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×General OAuth/SAML identity provider integration or enterprise SSO setup
  • ×Mobile app biometric authentication without WebAuthn (native Touch ID/Face ID only)
  • ×Password manager development or browser extension security
  • ×Smart card or traditional PKI certificate authentication systems

SupaScore

89.98
Research Quality (15%)
9.1
Prompt Engineering (25%)
9
Practical Utility (15%)
8.85
Completeness (10%)
9.4
User Satisfaction (20%)
9.05
Decision Usefulness (15%)
8.7

Evidence Policy

Standard: no explicit evidence policy.

webauthnpasskeysfido2passwordlessauthenticationbiometricssecurity-keysphishing-resistantconditional-uictap2zero-trustidentity

Research Foundation: 7 sources (4 official docs, 2 web, 1 industry frameworks)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v6.06/16/2026

v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/23/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/16/2026

Initial release

Works well with

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Common Workflows

Secure Authentication Modernization

Complete migration from legacy authentication to passwordless with comprehensive access controls and governance

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice