Build fluency in the vocabulary of WebAuthn/FIDO2 passwordless auth.
0 / 5 completed
1 / 5
A teammate explains that a user registers a public-key credential bound to a specific origin using a platform authenticator, a fingerprint sensor, Face ID, a hardware security key, and the server stores only the public key, verifying a signed challenge on every later login instead of storing or ever transmitting a shared secret like a password. What is being described?
WebAuthn/FIDO2 passwordless authentication is exactly what is described here. A DNS zone transfer is an unrelated concept about replicating name server records. Understanding WebAuthn/FIDO2 is exactly why it comes up so often in real engineering discussions of this kind of problem.
2 / 5
During a design review, the team adopts WebAuthn/FIDO2, specifically to gain a concrete benefit. Which capability does this provide?
WebAuthn/FIDO2 here provides phishing-resistant authentication with nothing valuable for a server breach to expose. Relying on a password as the sole proof of identity is the alternative this avoids. This behavior is exactly why WebAuthn/FIDO2 is favored in this kind of scenario.
3 / 5
In a code review, a dev notices a system relies on storing a hashed password as the sole proof of a user's identity and requiring that same shared secret to be transmitted on every single login attempt, instead of using WebAuthn/FIDO2. What does this represent?
This is a missed WebAuthn-opportunity, since an origin-bound public-key credential would resist phishing in a way a password never can. A cache eviction policy is an unrelated concept about discarded cache entries. This pattern is exactly the kind of gap a reviewer flags once the tradeoffs are understood.
4 / 5
An incident report shows a large batch of user accounts was compromised through a phishing site that captured passwords typed on a convincing fake login page, an attack that a phishing-resistant, origin-bound credential would have prevented entirely. What practice would prevent this?
Offering WebAuthn/FIDO2 passkey login so authentication is bound to the real origin and resistant to phishing, instead of relying solely on a password. Continuing the prior approach regardless of the risk it has already caused is exactly what led to the incident described here. This fix is the standard remedy once the root cause is confirmed.
5 / 5
During a PR review, a teammate asks why the team reaches for WebAuthn/FIDO2 instead of relying solely on a password for authentication. What is the reasoning?
WebAuthn trades upfront engineering work for phishing-resistant login with nothing valuable exposed in a breach, while password-only authentication is simpler but remains vulnerable to phishing and credential stuffing. This is exactly why WebAuthn/FIDO2 is favored in scenarios that call for it, while the alternative remains acceptable in simpler cases that don't.
What does the "WebAuthn/FIDO2 passwordless auth Vocabulary" vocabulary exercise cover?
This exercise tests real IT vocabulary related to webauthn/fido2 passwordless auth vocabulary through 5 multiple-choice questions, each built from realistic workplace sentences rather than abstract definitions.
Is this vocabulary exercise free to use?
Yes. Every exercise on CoderSlingo, including this one, is completely free — no account, sign-up, or payment required.
How many questions does this exercise have?
This exercise has 5 questions. Each one shows a real-world sentence or scenario with multiple-choice options and an explanation once you answer.
What happens after I answer a question?
You'll see immediate feedback showing whether your answer was correct, along with a short explanation of why — then a button to move to the next question, and a full results screen at the end.
Can I retry the exercise if I get questions wrong?
Yes. Once you reach the results screen, click "Try again" to reset your answers and go through the exercise from the start as many times as you like.
Do I need to create an account to take this exercise?
No account is needed. Your answers are scored in your browser during the session — nothing is saved to a server, so you can jump straight in.
Is my progress saved if I leave the page?
No — progress within an exercise resets if you navigate away or reload. Each exercise is short enough to complete in a few minutes in one sitting.
Are these vocabulary exercises connected to other topics?
Yes — browse the full vocabulary exercises hub to find related modules covering adjacent IT topics and roles.
How is this different from reading a glossary or blog article?
Exercises like this one are active recall drills — you have to choose the correct term or phrasing yourself, which builds retention faster than passively reading a definition.
Where can I find more vocabulary exercises?
Browse the full Vocabulary exercises hub for hundreds of modules covering Agile, DevOps, security, databases, architecture, and more — organised by IT role and skill.