...
- For this test, you need a computer or mobile device and a hardware or software authenticator. It may be:
- Hardware authenticator, such as YubiKey.
- Operating system authenticator, such as Touch ID or Windows Hello.
- Software authenticator, such as tpm-fido.
- Password manager with passkey support, such as Dashlane.
- The actions performed during this test are parts of regular usage and should not affect the authenticator in any way. However, you may choose to use a brand-new authenticator, reset or clear it to avoid any conflicts during the test.
- If necessary, delete the passkey that you create during this testing if it prevents you from creating it again. This should not happen, but if it does, please provide a screenshot and an accompanying note. If you are willing to, reset the authenticator's settings (e.g., disable PIN, unregister fingerprint).
- xx
- Then don't test it, or fill "yes" into "I registered a PIN/password/finger/face in the authenticator before the session".
- Fill in the details in the table below:
Tester: | |
|---|---|
| }}Date: Use '//' to input date{15{ |
|
| }}Authenticator (or device) vendor: Yubico, Apple, Dell, HP, Android phone brand...{3{ | Lenovo |
| }}Authenticator (or device) model: YubiKey 5 NFC, iPhone 13, PC model name, MacBook year size, MacBook Air year size, MacBook Pro year size...{20{ | IdeaPad 720S 14in |
| }}OS and its version: iOS 13, macOS 10.5.8, Windows 10 22h222H2, Windows 11 22h222H2, Android 13...{25{ | Windows 11 22H2 |
| }}Browser and its version: Chrome 114, Firefox 114...{30{ | Firefox 114 |
| }}I registered a PIN/password/finger/face in the authenticator before the session: Enter yes or noYes or No (The situation where you have not previously registered in the authenticator is interesting for checking if the passkey creation will trigger user registration.){35{ | Yes |
}}
- Be prepared to capture screenshots of each system/browser dialogue that appears. Later in this process, you will register a passkey multiple times.
...
- If there are any options or settings related to "passkeys", "security keys" or similar in your OS/device/spaceship settings (related to the authenticator you are going to use), capture screenshots and paste or attach them here.
- If you are using a password manager, capture its passkey-related options.
- If you are using a browser supporting passkeys, capture its options instead.
- If f you are using an operating system to manage passkeys, capture its options instead.
This is an exemplary path, only screenshot the passkey options (the rightmost screen below):
Possible locations:
- Windows 11: Settings > Accounts > Passkeys
- iOS: Settings > Apple ID > iCloud > Passwords & Keychain
- Chrome (Windows): Settings > Autofill and passwords > Password Manager > Manage passkeys
These are exemplary paths. You need to screenshot the only passkey-relates options. Please paste screenshots in or outside this table as suitable:
Still not having anything, the above is from | |||
Get diagnostics
- Open https://webauthntest.identitystandards.io/.
- Click the "..." button.
}}Copy-paste the diagnostic results on the right as text (rows are labelled the same): Platform authenticator (isUVPAA) : Conditional Mediation (Autofill UI) : CTAP2 support (Firefox) : {40{ | Platform authenticator (isUVPAA) Available Conditional Mediation (Autofill UI) Not defined CTAP2 support (Firefox) Supported |
|---|
...
- Click the "+" button to create a passkey. Choose the following values:
- RP Info: This domain
- User Info: Bob
- Attachment: undefinedUndefined
- Require Resident Key: trueTrue
- Resident Key (L2): requiredRequired
It should look like this:
...
- Capture and paste below the screenshot of various prompts, screens, dialogues, questions or messages that show up during passkey registration as you encounter them.
- If some options are offered, snapshot them as well, but do not change anything.
- Capture screenshots at each step of the first passkey creation.
- Also, capture screenshots when new screens appear during subsequent passkey creations and add them here.
- Try not to duplicate screenshots of the same steps, as interactions will likely look similar.
If you encounter an error message like "Authenticator data cannot be parsed", it indicates that the combination of arguments used is not supported by the authenticator being tested.
- You can add a note to a screenshot if you encounter an error or find something interesting.
Please insert or paste screenshots in or outside this table as suitable, preferably putting the related screenshots in one row (you can place a note beneath an image in the same cell):
|
| ||
On Use ES***, Use EdDSA |
|
|
after After Cancel |
Test User Verification
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
- Select User Verification: Required and click CREATE.
- Follow the requested steps to create a passkey, then copy-paste the result from the web app.
- Note that the latest result is the rightmost in the bottom row. You may delete already pasted results.
- All authenticators should be able to register multiple passkeys for the same domain, so you do not need to delete the previously created one. Is this creation of multiple passkeys or an override of the old one?
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@xample.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | Error - requested Unsupported |
|---|
}}
- Uncheck Use ES256, check Use ES384 and click CREATE.
- Follow the requested steps to create a passkey, then copy-paste the result from the web app.
Copy-paste the result on the right: | Unsupported |
|---|
}}
- Uncheck Use ES384, check Use ES512 and click CREATE.
- Follow the requested steps to create a passkey, then copy-paste the result from the web app.
Copy-paste the result on the right: | Unsupported |
|---|
}}
- Uncheck Use ES512, check Use RS256 and click CREATE.
- Follow the requested steps to create a passkey, then copy-paste the result from the web app.
Copy-paste the result on the right: | bob@example.comCredential ID RP ID AAGUID Credential Registration Data [more details] Last Authentication Data [more details] |
|---|
...
Copy-paste the result on the right: | Error - requested security key, I chose 'Cancel' |
|---|
}}
What about passkey usage testing and screenshots?
Conclusion
Do you have any additional observations or comments related to the entire procedure:{125{ |
|---|
}}That was all.
- Please, do not forget to paste any pending screenshots in the above tables.