FIDO2 and Web Authn are intended to replace normal passwords. Biometric data, like a fingerprint, will back up your online accounts. A hardware token, like a USB stick, can be used for authentication. These devices are referred to as authenticators in the context of FIDO. Communication between this token and the user’s system is regulated by CTAP. Therefore, the protocol determines how the two components must communicate with each other in order to successfully authenticate and log-in to work on the web.
CTAP is available in two different versions. The first version of the protocol was also known as Universal 2nd Factor (U2F) and refers primarily to two factor authentication. CTAP2 is used for innovation surrounding FIDO2. The new protocol, in combination with WebAuthn, makes FIDO2 work. WebAuthn regulates the connection between the user’s system and the website where the person needs to identify themselves. CTP, on the other hand, regulates the connection between the authenticator and the user’s PC or laptop – or the browser on the platform, since the user is responsible for authentication.