WebAuthn support is not uniform across browsers. For services implementing WebAuthn, it is vital to note which user environments are supported, and have the appropriate error handling in the event of an unsupported browser.
Feature is supported |
Feature is not supported |
User Presence - The browser supports a physical user interaction to establish an event is not being initiated by a remote attacker. Support for user presence is mandatory for environments supporting WebAuthn, and for devices to be certified by the FIDO alliance. Support for Resident Key / Discoverable Credentials, User Verification or Passkeys means User Presence over FIDO2 is possible.
Resident Key / Discoverable Credential - The browser supports WebAuthn credentials stored on the authenticator. These credentials can be read to identify the user account without the user manually providing them.
User Verification (PIN / Biometric) - The browser supports an interface to allow a user to verify their identity via entering a WebAuthn PIN or Biometric.
Passkeys - The browser supports securely creating and using passkeys on a roaming authenticator.
CTAP 1 / U2F Legacy Support - The browser has legacy support for authenticators only supporting User Presence over U2F.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Edge Chromium 112 |
USB |
||||
NFC |
|||||
Chrome 112* |
USB |
||||
NFC |
|||||
Firefox 112 |
USB |
||||
NFC |
*Notes on Chrome differences from other browsers
When a request to create a credential with a resident key is made User Verification is enforced even if the request has UV = 0.
NFC support has been excluded since NFC is not supported on macOS browsers.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 16.4* |
USB |
** |
|||
NFC |
N/A |
N/A |
N/A |
N/A |
|
Chrome 112 |
USB |
||||
NFC |
N/A |
N/A |
N/A |
N/A |
|
Firefox 114* |
USB |
||||
NFC |
N/A |
N/A |
N/A |
N/A |
*Safari & Firefox will not allow users to set a PIN for User Verification if one is not already set.
**Bug for FIDO/U2F registration issues for WebKit/Safari: https://bugs.webkit.org/show_bug.cgi?id=247344
Verified with iPhone 13, 12, 11, XR, XS and iPhone 8
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 16.4* |
Lightning |
||||
NFC |
|||||
Chrome 112* |
Lightning |
||||
NFC |
|||||
Firefox 112* |
Lightning |
||||
NFC |
*Browsers on iOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.
Verified with iPad 6th generation (Lightning), iPad Air (USB-C) 4th generation, and iPad Pro 2018 (USB-C)
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
NFC tests have been excluded since NFC is not supported on iPadOS browsers. USB-C is only available on iPad Pro and 4th and 5th generation iPad Air models.
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Safari 16.4* |
Lightning |
||||
USB-C |
|||||
NFC |
N/A |
N/A |
N/A |
N/A |
|
Chrome 112* |
Lightning |
||||
USB-C |
|||||
NFC |
N/A |
N/A |
N/A |
N/A |
|
Firefox 112* |
Lightning |
||||
USB-C |
|||||
NFC |
N/A |
N/A |
N/A |
N/A |
*Browsers on iPadOS are not able to set a PIN for user verification (UV) if one is not already set. Requests to create a credential that requires UV may appear to succeed, but create a credential that will not require a PIN.
Verified with Pixel 6
Currently the Android platform only supports CTAP1 (U2F) authenticators. Android does support clients (browsers) making WebAuthn requests to a relying party
Browser |
Resident Key / Discoverable Credential |
User Verification (PIN / Biometric) |
Passkeys on the YubiKey |
CTAP 1 / U2F Legacy Support |
|
Chrome 112 |
USB |
||||
NFC |
|||||
Firefox 112 |
USB |
||||
NFC |