WebAuthn Compatibility

WebAuthn support is not uniform across browsers. For services implementing WebAuthn, it is vital to note which user environments are supported, and have the appropriate error handling in the event of an unsupported browser.

Key:

Feature is supported

Feature is not supported

yes.png
no.png

Features

User Presence - The browser supports a physical user interaction to establish an event is not being initiated by a remote attacker. Support for user presence is mandatory for environments supporting WebAuthn, and for devices to be certified by the FIDO alliance. Support for Resident Key / Discoverable Credentials, User Verification or Passkeys means User Presence over FIDO2 is possible.

Resident Key / Discoverable Credential - The browser supports WebAuthn credentials stored on the authenticator. These credentials can be read to identify the user account without the user manually providing them.

User Verification (PIN / Biometric) - The browser supports an interface to allow a user to verify their identity via entering a WebAuthn PIN or Biometric.

Passkeys - The browser supports securely creating and using passkeys on a roaming authenticator.

CTAP 1 / U2F Legacy Support - The browser has legacy support for authenticators only supporting User Presence over U2F.

Windows 11 23H2

Browser

Resident Key / Discoverable Credential

User Verification (PIN / Biometric)

Passkeys on the YubiKey

CTAP 1 / U2F Legacy Support

Edge Chromium 124

USB

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

Chrome 124*

USB

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

Firefox 125

USB

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

*Notes on Chrome differences from other browsers

  • When a request to create a credential with a resident key is made User Verification is enforced even if the request has UV = 0.

MacOS 14.4.1

NFC support has been excluded since NFC is not supported on macOS browsers.

Browser

Resident Key / Discoverable Credential

User Verification (PIN / Biometric)

Passkeys on the YubiKey

CTAP 1 / U2F Legacy Support

Safari 17.4.1*

USB

yes.png
yes.png
yes.png

yes.png **

NFC

N/A

N/A

N/A

N/A

Chrome 124

USB

yes.png
yes.png
yes.png
yes.png

NFC

N/A

N/A

N/A

N/A

Firefox 125*

USB

yes.png
yes.png
yes.png
yes.png

NFC

N/A

N/A

N/A

N/A

*Safari & Firefox will not allow users to set a PIN for User Verification if one is not already set.

**Bug for FIDO/U2F registration issues for WebKit/Safari: https://bugs.webkit.org/show_bug.cgi?id=247344

iOS 17.4.1

Verified with iPhone XR

Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.

Browser

Resident Key / Discoverable Credential

User Verification (PIN / Biometric)

Passkeys on the YubiKey

CTAP 1 / U2F Legacy Support

Safari 17.4.1*

Lightning

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

Chrome 124*

Lightning

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

Firefox 125*

Lightning

yes.png
yes.png
yes.png
yes.png

NFC

yes.png
yes.png
yes.png
yes.png

*Browsers on iOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.

iPadOS 17.4.1

Verified with iPad 6th generation (Lightning), iPad Air (USB-C) 4th generation, and iPad Pro 2018 (USB-C)

Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.

NFC tests have been excluded since NFC is not supported on iPadOS browsers. USB-C is only available on iPad Pro and 4th and 5th generation iPad Air models.

Browser

Resident Key / Discoverable Credential

User Verification (PIN / Biometric)

Passkeys on the YubiKey

CTAP 1 / U2F Legacy Support

Safari 17.4.1*

Lightning

yes.png
yes.png
yes.png
yes.png

USB-C

yes.png
yes.png
yes.png
yes.png

NFC

N/A

N/A

N/A

N/A

Chrome 124*

Lightning

yes.png
yes.png
yes.png
yes.png

USB-C

yes.png
yes.png
yes.png
yes.png

NFC

N/A

N/A

N/A

N/A

Firefox 125*

Lightning

yes.png
yes.png
yes.png
yes.png

USB-C

yes.png
yes.png
yes.png
yes.png

NFC

N/A

N/A

N/A

N/A

*Browsers on iPadOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.

Android 14

Verified with Pixel 6 & Google Play Services 24.16

Android support for FIDO2 is linked to Google Play Services, and may be available on Google Play Protect certified devices running Android 9 or later, as long as they are running a current version of Google Play Services, and have a screen lock configured.

Currently the Android platform only supports the CTAP 1 (U2F) protocol over NFC. Support for Resident Keys / Discoverable Credentials, User Verification, and passkeys is available over USB.

Browser

Resident Key / Discoverable Credential*

User Verification (PIN / Biometric)

Passkeys on the YubiKey*

CTAP 1 / U2F Legacy Support

Chrome 124

USB

yes.png
yes.png
yes.png
yes.png

NFC

no.png
no.png
no.png
yes.png

Firefox 125

USB

no.png
no.png
no.png
no.png

NFC

no.png
no.png
no.png
no.png

*Android will prevent the use of passkeys / resident keys / discoverable credentials on a security key, if there is already at least one synced passkey in Google password manager for the same web site.

**Bug for Firefox mobile support of security keys: https://bugzilla.mozilla.org/show_bug.cgi?id=1888654