Many users consider passwords extremely burdening. An authentication protocol for websites, called WebAuthn, could render them obsolete. Users can use it to log on to a service such as a social network or an online shopping platform with their smartphone or computer. The process is quick and easy when using biometric data such as fingerprint or face recognition, which are often already stored to unlock the device. “It is not surprising that this can create the impression that the biometric data is transmitted to the website to which you want to log in, similar to a password. But this is a misconception,” says Leona Lassak from Ruhr-Universität Bochum (RUB).