WebAuthn Compatibility
WebAuthn support is not uniform across browsers. For services implementing WebAuthn, it is vital to note which user environments are supported, and have the appropriate error handling in the event of an unsupported browser.
Key:
Feature is supported |
Feature is not supported |
|
|
|
Features
User Presence - The browser supports a physical user interaction to establish an event is not being initiated by a remote attacker. Support for user presence is mandatory for environments supporting WebAuthn, and for devices to be certified by the FIDO alliance. Support for Resident Key / Discoverable Credentials, User Verification or Passkeys means User Presence over FIDO2 is possible.
Resident Key / Discoverable Credential - The browser supports WebAuthn credentials stored on the authenticator. These credentials can be read to identify the user account without the user manually providing them.
User Verification (PIN / Biometric) - The browser supports an interface to allow a user to verify their identity via entering a WebAuthn PIN or Biometric.
Passkeys - The browser supports securely creating and using passkeys on a roaming authenticator.
CTAP 1 / U2F Legacy Support - The browser has legacy support for authenticators only supporting User Presence over U2F.
Windows 11 23H2
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Edge Chromium 124 |
USB |
|
|
|
|
NFC |
|
|
|
|
|
Chrome 124* |
USB |
|
|
|
|
NFC |
|
|
|
|
|
Firefox 125 |
USB |
|
|
|
|
NFC |
|
|
|
|
|
*Notes on Chrome differences from other browsers
-
When a request to create a credential with a resident key is made User Verification is enforced even if the request has UV = 0.
MacOS 14.4.1
NFC support has been excluded since NFC is not supported on macOS browsers.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 17.4.1* |
USB |
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
Chrome 124 |
USB |
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
Firefox 125* |
USB |
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
*Safari & Firefox will not allow users to set a PIN for User Verification if one is not already set.
**Bug for FIDO/U2F registration issues for WebKit/Safari: https://bugs.webkit.org/show_bug.cgi?id=247344
iOS 17.4.1
Verified with iPhone XR
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 17.4.1* |
Lightning |
|
|
|
|
NFC |
|
|
|
|
|
Chrome 124* |
Lightning |
|
|
|
|
NFC |
|
|
|
|
|
Firefox 125* |
Lightning |
|
|
|
|
NFC |
|
|
|
|
|
*Browsers on iOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.
iPadOS 17.4.1
Verified with iPad 6th generation (Lightning), iPad Air (USB-C) 4th generation, and iPad Pro 2018 (USB-C)
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
NFC tests have been excluded since NFC is not supported on iPadOS browsers. USB-C is only available on iPad Pro and 4th and 5th generation iPad Air models.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 17.4.1* |
Lightning |
|
|
|
|
USB-C |
|
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
Chrome 124* |
Lightning |
|
|
|
|
USB-C |
|
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
Firefox 125* |
Lightning |
|
|
|
|
USB-C |
|
|
|
|
|
NFC |
N/A |
N/A |
N/A |
N/A |
|
*Browsers on iPadOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.
Android 14
Verified with Pixel 6 & Google Play Services 24.16
Android support for FIDO2 is linked to Google Play Services, and may be available on Google Play Protect certified devices running Android 9 or later, as long as they are running a current version of Google Play Services, and have a screen lock configured.
Currently the Android platform only supports the CTAP 1 (U2F) protocol over NFC. Support for Resident Keys / Discoverable Credentials, User Verification, and passkeys is available over USB.
Browser |
Resident Key / Discoverable Credential* |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey* |
CTAP 1 / U2F Legacy Support |
|
Chrome 124 |
USB |
|
|
|
|
NFC |
|
|
|
|
|
Firefox 125 |
USB |
|
|
|
|
NFC |
|
|
|
|
|
*Android will prevent the use of passkeys / resident keys / discoverable credentials on a security key, if there is already at least one synced passkey in Google password manager for the same web site.
**Bug for Firefox mobile support of security keys: https://bugzilla.mozilla.org/show_bug.cgi?id=1888654