Hacker News

Yes, to set a PIN protecting the non-discoverable credentials. The FIDO PIN can be changed while you have access to the authenticator and not to the credentials it previously created.


User verification is optional.

If you only do user presence and non-discoverable, then WebAuthn is completely stateless and deterministic for a given (challenge, rpId, origin) triplet.


Isn't a 'passkey' with no discoverable credentials and no user verification just a regular U2F token?


Well, it could still provide credBlob (up to 32 bytes of data stored in the non-discoverable credential and handed back after verification). But mostly yes, it's losing the advantages of FIDO2.


Modulo supporting more algorithms -- yes



