
FIDO2 resident keys (the thing people are now calling passkeys) allow for multiple credentials for a single site. If you have a device that supports resident keys you can try this for yourself on https://webauthn.io.

There is also no way for a site to know if two sets of credentials belong to the same physical hardware device or not. Sites can request the attestation certificate, but that is not unique per device (the spec says the attestation cert should be shared by at least 100,000 devices). If you want to see the attestation cert for a FIDO(2) device, I made a little tool that will show it to you: https://what-the-fido.sanford.io/
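What a relying party can read at registration, as an added example that is not part of the original thread or of the commenter's tool: a parser for the WebAuthn authenticator data, run over two constructed registrations from one hypothetical authenticator. The sample bytes and the helpers `sampleAuthData` and `sharedFields` are assumptions made for illustration; the AAGUID shown is a model-level identifier, in the same way the attestation certificate is shared across devices.

```javascript
// authData layout (WebAuthn spec): rpIdHash(32) | flags(1) | signCount(4)
// then, if flag 0x40 (AT) is set: AAGUID(16) | credIdLen(2) | credId | COSE key
const hex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");

function parseAuthData(authData) {
  if (authData.length < 37) throw new Error("authData too short");
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const flags = authData[32];
  const out = {
    rpIdHash: hex(authData.subarray(0, 32)),
    userPresent: (flags & 0x01) !== 0,
    userVerified: (flags & 0x04) !== 0,
    signCount: view.getUint32(33), // big-endian
  };
  if ((flags & 0x40) === 0) return out; // no attested credential data
  if (authData.length < 55) throw new Error("attested credential data truncated");
  const idLen = view.getUint16(53);
  if (authData.length < 55 + idLen) throw new Error("credential ID overruns buffer");
  out.aaguid = hex(authData.subarray(37, 53)); // authenticator model, not a device serial
  out.credentialId = hex(authData.subarray(55, 55 + idLen));
  return out; // the COSE public key after the ID needs a CBOR decoder; skipped here
}

// Fields with identical values in two registrations: all a site could correlate on.
function sharedFields(a, b) {
  return Object.keys(a).filter((k) => k in b && a[k] === b[k]);
}

// Constructed sample (hypothetical helper): one registration's authData,
// with the trailing COSE public key left out.
function sampleAuthData(credIdByte) {
  const buf = new Uint8Array(55 + 16);
  buf.fill(0xaa, 0, 32);          // placeholder rpIdHash
  buf[32] = 0x45;                 // UP | UV | AT
  buf.fill(0x11, 37, 53);         // placeholder AAGUID, same for the whole model
  new DataView(buf.buffer).setUint16(53, 16);
  buf.fill(credIdByte, 55, 71);   // credential ID, different for each credential
  return buf;
}

const first = parseAuthData(sampleAuthData(0x01));
const second = parseAuthData(sampleAuthData(0x02));
console.log(sharedFields(first, second));
```

Everything the two registrations have in common (RP ID hash, flags, counter, AAGUID) would also match for a second unit of the same authenticator model, so none of it ties the credentials to one physical device.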




Got "failed to register" on your website on my phone after doing the OS-level fingerprint auth.


Thanks for the heads up, it should be fixed now for Android platform authenticators.



