• What is CTAP?

    Back to GlossaryBack to Glossary
    How does CTAP work?

    FIDO2 consists of two standardized components, a web API (WebAuthn) and a version 2 of CTAP. The two work together and are required to achieve a passwordless experience for login. The earlier FIDO U2F (Link to FIDO U2F Glossary) protocol working with external authenticators is now renamed to CTAP1 in the WebAuthn specifications.

    What’s the difference between CTAP1 and CTAP2?

    FIDO CTAP1 enables an external and portable authenticator (such as a hardware security key) to interoperate with a client platform (such as a computer). The CTAP specification refers to two protocol versions, the CTAP1/U2F protocol and the CTAP2 . CTAP1 is a new name for FIDO U2F.

    FIDO CTAP2 is responsible for the external factor, like a security key (link to security key page in glossary), communicating with the website or account using the authenticator. An authenticator that implements CTAP2 is called a FIDO2 authenticator (also called a WebAuthn authenticator). If that authenticator implements CTAP1/U2F as well, it is backward compatible with U2F.

    How can you use CTAP?

    Passwordless Authentication

    Strong single or multi-factor authentication using a hardware authenticator, eliminates the need for weak password-based authentication.

    Two Factor Authentication

    Strong two factor authentication using a hardware authenticator as an extra layer of protection beyond a password.

    Multi-Factor Authentication

    Strong multi-factor authentication using a hardware authenticator and a PIN or biometric, to meet high assurance requirements such as needed for financial transactions and ordering a prescription.

    Learn More

    Developer Resources

    Get Started

    Find the right YubiKey

    Take the quick Product Finder Quiz to find the right key for you or your business.

    Let’s startLet’s start
    Get protected today

    Browse our online store today and buy the right YubiKey for you.

    Shop nowShop now