Cross-Platform (Roaming) Authenticators

Cross-Platform (Roaming) authenticators are portable devices that can be used across multiple platforms, services, or devices to authenticate a user. They are part of the FIDO2/WebAuthn framework, which provides passwordless and phishing-resistant authentication. Roaming authenticators typically communicate with the relying party (e.g., a website or service) through the client device the user is logging in from, connecting to it over standard interfaces such as USB, NFC, or Bluetooth.

Key Characteristics of Cross-Platform Authenticators:

  1. Portability: They are independent of the device you're logging in from. You can carry them around and use them to authenticate on different devices (e.g., laptop, smartphone).
  2. Connection Methods: They can connect to the device where the login occurs via:
    • USB (e.g., YubiKeys)
    • Bluetooth (wireless)
    • NFC (Near-Field Communication)
  3. Security: The private key used for authentication never leaves the authenticator device, so it cannot be extracted or copied by the client or by the service. Only the public key is shared with the service provider (relying party).
  4. User Experience: Typically, users authenticate by plugging the roaming authenticator into the device (via USB) or tapping it (via NFC or Bluetooth) and sometimes pressing a button on the authenticator to confirm their identity.
  5. Use Cases: They are ideal for scenarios where users need to authenticate across multiple devices (e.g., logging in to a web service from a public or personal computer) while ensuring strong security.

Examples of Cross-Platform Authenticators:

  • Security keys like YubiKeys
  • Mobile devices that support FIDO2 and can act as authenticators (when configured to function as such)

In contrast to platform authenticators, which are tied to a single device (like Face ID on an iPhone), cross-platform authenticators offer more flexibility since they are not tied to any specific device.