+`u2f`: `[appid=<APPID>] [,origin=<URL>]` ::
+
+u2f
+
+`appid`=`<APPID>` ;;
+
+U2F AppId URL override. Defaults to the origin.
+
+`origin`=`<URL>` ;;
+
+U2F Origin override. Mostly useful for single nodes with a single URL.
+
+`webauthn`: `[id=<DOMAINNAME>] [,origin=<URL>] [,rp=<RELYING_PARTY>]` ::
+
+webauthn configuration
+
+`id`=`<DOMAINNAME>` ;;
+
+Relying part ID. Must be the domain name without protocol, port or location. Changing this *will* break existing credentials.
+
+`origin`=`<URL>` ;;
+
+Site origin. Must be a `https://` URL (or `http://localhost`). Should contain the address users type in their browsers to access the web interface. Changing this *may* break existing credentials.
+
+`rp`=`<RELYING_PARTY>` ;;
+
+Relying party name. Any text identifier. Changing this *may* break existing credentials.
+