Here we will just test the workflow that is using Webauthn.  Requirements and setup: Your site should be https WITH a valid certificate. Can also use ngrok. Anything else will make the setup page fail silently (reported here MDL-81285 ).  Use at least chrome Login as administrator Go to Site admin > plugins > admin tools > Multi-factor authentication Check the "MFA plugin enabled" Enable the "Security key" plugin Test WebAuthn factor test (Security key) - Only applied to Admins Click on user profile picture in header, the click on  Preferences Click on  Multi-factor authentication preferences  in  User account  block Look for "Security key" block under "Available factors" the click on the  Setup authenticator  button Set Security key  Name  to any names (This field is required) Click on  Register authenticator  and you will be ask to choose the authentication device You can choose any or finger print if you have that in your machine then  Save changes Go to another "Testing" browser Do not log off, open a new browser for testing (private browsing for example) Login as administrator Confirm  that you are taken to a page where you will authenticate using the "WebAuthn" Click on  Verify authenticator  button then follow the same steps when you  registered  the authenticator Confirm that once the authentication succeed, you are taken to the home page Warning : If you have inadvertantly messed things up and locked yourself out, you can disable the whole MFA plugin from the CLI : php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0