WebAuthn Compatibility
The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO. This enables users to have FIDO-based authentication to websites.
This is underlaying functionality that allows you to use your YubiKey with Yubico Authentication on supported browsers and platforms.
WebAuthn Platform Compatibility
WebAuthn support is not uniform across browsers. For services implementing WebAuthn, it is vital to note which user environments are supported, and have the appropriate error handling in the event of an unsupported browser.
Features
- User Presence - The browser supports a physical user interaction to establish an event is not being initiated by a remote attacker.
- Resident Key / Discoverable Credential - The browser supports WebAuthn credentials stored on the authenticator. These credentials can be read to identify the user account without the user manually providing them.
- User Verification (PIN / Biometric) - The browser supports an interface to allow a user to verify their identity via entering a WebAuthn PIN or Biometric.
- CTAP 1 / U2F Legacy Support - The browser has legacy support for authenticators only supporting U2F.
Windows 10 21H1
Edge Chromium 91
User Presence (touch) : USB, NFC
Resident Key/Discoverable Credential : USB, NFC
User Verification (PIN/Biometric) : USB, NFC
CTAP 1/U2F Legacy Support : USB, NFC
Chrome 91
User Presence (touch) : USB, NFC
Resident Key/Discoverable Credential : USB, NFC
User Verification (PIN/Biometric) : USB, NFC
CTAP 1/U2F Legacy Support :USB, NFC
Firefox 89
User Presence (touch) : USB, NFC
Resident Key/Discoverable Credential : USB, NFC
User Verification (PIN/Biometric) : USB, NFC
CTAP 1/U2F Legacy Support : USB, NFC
Notes: Chrome differences from other browsers. When a request to create a credential with a resident key is made User Verification is enforced even if the request has UV = 0.
MacOS 11.4
NFC support has been excluded since NFC is not supported on macOS browsers.
Safari 14.6 (note 1)
User Presence (touch) : USB
Resident Key/Discoverable Credential : USB
User Verification (PIN/Biometric) : USB
CTAP 1/U2F Legacy Support : USB
Chrome 91
User Presence (touch) : USB
Resident Key/Discoverable Credential : USB
User Verification (PIN/Biometric) : USB
CTAP 1/U2F Legacy Support : USB
Firefox 89 (note 2)
User Presence (touch) : none
Resident Key/Discoverable Credential : none
User Verification (PIN/Biometric) : none
CTAP 1/U2F Legacy Support : USB
Note 1: Safari will not allow users to set a PIN for User Verification if one is not already set.
Note 2: Bug for FIDO2 support on MacOS: https://bugzilla.mozilla.org/show_bug.cgi?id=1530370
iOS 14
Verified with iPhone 12, 11, XR, XS and iPhone 8.
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
Safari 14.6 (note 1)
User Presence (touch) : Lightning, NFC
Resident Key/Discoverable Credential : Lightning, NFC
User Verification (PIN/Biometric) : Lightning, NFC
CTAP 1/U2F Legacy Support : Lightning, NFC
Chrome 91 (note 1)
User Presence (touch) : Lightning, NFC
Resident Key/Discoverable Credential : Lightning, NFC
User Verification (PIN/Biometric) : Lightning, NFC
CTAP 1/U2F Legacy Support : Lightning, NFC
Firefox 34.2 (note 1)
User Presence (touch) : Lightning, NFC
Resident Key/Discoverable Credential : Lightning, NFC
User Verification (PIN/Biometric) : Lightning, NFC
CTAP 1/U2F Legacy Support : Lightning, NFC
Note 1: If a PIN is already set on the YubiKey, then a browser will display a PIN prompt only when creating a credential and when user verification has not been requested. Any request for user verification will fail if there is no PIN set on the YubiKey.
iPadOS 15.5
Verified with iPad 6th generation (Lightning), iPad Air (USB-C) 4th generation, and iPad Pro 2018 (USB-C).
Most browsers on Apple mobile devices use Apple WebKit. As such, these browsers will have all the same functionality available.
NFC tests have been excluded since NFC is not supported on iPadOS browsers. USB-C is only available on iPad Pro and 4th and 5th generation iPad Air models.
Safari 14.6 (note 1)
User Presence (touch) : Lightning, USB-C
Resident Key/Discoverable Credential : Lightning, USB-C
User Verification (PIN/Biometric) : Lightning, USB-C
CTAP 1/U2F Legacy Support : Lightning, USB-C
Chrome 91 (note 1)
User Presence (touch) : Lightning
Resident Key/Discoverable Credential : Lightning
User Verification (PIN/Biometric) : Lightning
CTAP 1/U2F Legacy Support : Lightning
Firefox 34.2 (note 1)
User Presence (touch) : Lightning
Resident Key/Discoverable Credential : Lightning
User Verification (PIN/Biometric) : Lightning
CTAP 1/U2F Legacy Support : Lightning
Note 1: If a PIN is already set on the YubiKey, then a browser will display a PIN prompt only when creating a credential and when user verification has not been requested. Any request for user verification will fail if there is no PIN set on the YubiKey.
Android 11
Verified with Pixel 3a
Currently the Android platform only supports CTAP1 (U2F) authenticators. Android does support clients (browsers) making WebAuthn requests to a relying party.
Chrome 91
User Presence (touch) : none
Resident Key/Discoverable Credential : none
User Verification (PIN/Biometric) : none
CTAP 1/U2F Legacy Support : USB, NFC
Firefox 89.1
User Presence (touch) : none
Resident Key/Discoverable Credential : none
User Verification (PIN/Biometric) : none
CTAP 1/U2F Legacy Support : none
To file a support ticket with Yubico, click Support.