Too Long; Didn't Read
The Web Authentication API (also referred to as WebAuthn) uses asymmetric (public-key) cryptography instead of passwords or SMS texts for registering, authenticating, and second-factor authentication with websites. This resolves significant security problems related to phishing, data breaches, and attacks against SMS texts. The API is intended to register new credentials on a server and later use those same credentials on that same server to authenticate a user. This is a new concept in authentication: when authenticating using passwords, the password is stored in a user's brain and no other device is needed.