In its core, WebAuthn is a way for a site to say "I want to authenticate" and the browser/device to say "OK, here are my credentials".
Nothing is stopping you from generating a private key from a password that you have in your head, and using that to authenticate to every site.
Obviously, if that password gets stolen, the thief can get into any of your accounts, but that's a choice you have to make. WebAuthn doesn't mandate a specific way of storing credentials.
Nothing is stopping you from generating a private key from a password that you have in your head, and using that to authenticate to every site.
Obviously, if that password gets stolen, the thief can get into any of your accounts, but that's a choice you have to make. WebAuthn doesn't mandate a specific way of storing credentials.