With usernameless authentication and authorization, you don't even need an input box for a username. This further reduces friction by having nothing for the user to type in to your website, app or service. Simply scan a QR code or start WebAuthn in usernameless mode.
When going usernameless, you have no inputs on your website, app or service. This means there is nothing to "stuff" or feed your forms with. There is not username enumeration attack possible, because there is no username needed.
How does it work?
If there is no username and no password, how does this technology work? A User scans a QR code using the Auth Armor Authenticator app or uses WebAuthn in usernameless mode, then the username is returned after authentication. To learn more, please visit our documentation about usernameless authentication