Passkeys Adoption

Hi, I watched through the video for passkeys and I have couple of questions for passkeys adoption cross channel/platform. when I try to login from PC for an account for which I have passkey generated from App, PC browser generates a QR code, iOS will act as the authenticator on the scan of QR code and logs the user in. Now,

  1. for subsequent Login, will the PC user be still shown QR code or is the QR code and authenticator from iOS just single time for enrollment and for loggin in subsequent time, browser can take care?
  2. Will there be any 2nd public private key pair generated from PC to handle subsequent login?
  3. if not, does the iphone need to be in close proximity every time?

My question is more towards the Keys generated for PC browser and subsequent logins from PC. can you please throw some light on above questions?

Up vote post of rprisram123 Down vote post of rprisram123
198 views
Posted by
rprisram123
Reply
Add a Comment

Accepted Reply

Great questions!

  1. A new QR code will be shown each time.
  2. This is up to the service you're signing in to. That website or app will be able to see that you signed in across devices, and we recommend that it offers the option for you to create an additional passkey on the client device. This would require an explicit registration step on the client device after you're signed in.
  3. If the service does not offer the option of enrolling an additional passkey, or you opt of doing so (e.g. because the client is a shared device), then yes the phone will need to be in proximity every time.
Posted by
Frameworks Engineer
Up vote reply of Frameworks Engineer Down vote reply of Frameworks Engineer
Post marked as solved
Add a Comment

Replies

Great questions!

  1. A new QR code will be shown each time.
  2. This is up to the service you're signing in to. That website or app will be able to see that you signed in across devices, and we recommend that it offers the option for you to create an additional passkey on the client device. This would require an explicit registration step on the client device after you're signed in.
  3. If the service does not offer the option of enrolling an additional passkey, or you opt of doing so (e.g. because the client is a shared device), then yes the phone will need to be in proximity every time.
Posted by
Frameworks Engineer
Up vote reply of Frameworks Engineer Down vote reply of Frameworks Engineer
Post marked as solved
Add a Comment

Thanks for responding.

can you please confirm if the below conclusion holds true?

If the PC browser is webAuthN compliant along with webauthN BE services and if the user has opted for saving passkey equivalent in that browser[registered], then, QR code wont be shown to user subsequent time and phone doesnt need to be in proximity.

Posted by
rprisram123
Up vote reply of rprisram123 Down vote reply of rprisram123

  • If you have two different passkeys saved for an account: one on the PC and one on your Apple devices, then those passkeys can be used independently. The devices don't need to be near each other.

    Frameworks Engineer
Add a Comment