Terms
Last modified on February 2, 2026
2FA user
A user whose account has 2FA turned on, i.e., who must present 2 authentication factors during sign-in.
2-Factor Authentication (2FA)
Also sometimes referred to as multi-factor authentication (MFA) or two-step verification (2SV).
This refers to a contract between a user and a Relying Party (RP) where the RP must collect at least two distinct authentication factors from the user during a bootstrap sign-in.
Account bootstrapping
A Relying Party (RP) authenticates a user without any prior knowledge of who the user is. This means that the RP not only has to verify the identity of the user (checking the password, verifying cryptographic signatures, etc.), it also has to establish the identity of the user (figure out the user ID, username, etc. of the user who’s signing in). This may happen when a user signs into an existing account for the first time on a newly purchased device, when a user logs into a website for the first time in a given browser instance, when a user logs into a website in a private browsing session, or when a user signs into a mobile app for the first time on a given device (contrast this with reauthentication below).
Note that this is different from creating an account with a service in the first place.
Attestation
Attestation is an optional statement provided by an authenticator which can be used by a Relying Party to identify and verify the provenance of the authenticator.
WebAuthn Spec Reference
Authentication factor
Information provided by a user (or one of the user’s devices) for purposes of authentication, usually in response to a login challenge. Often categorized into “knowledge factors” (e.g. passwords), “something you have” factors (e.g. another already signed-in device), and “something you are” factors (e.g. biometrics). Note that a single login challenge may collect multiple factors simultaneously.
Autofill UI
A privacy-preserving list UI element that is rendered by the browser (or the OS platform in the case of native apps), in cooperation with the platform authenticator, on username and/or password fields that have the webauthn value included in the autocomplete attribute.
This UI element provides a list of passkeys that are available for the Relying Party (RP) on the local device, and may also provide an option to kick off Cross-Device Authentication (CDA) or use a FIDO2 security key.