Chrome for Developers’ Post

View organization page for Chrome for Developers, graphic
Chrome for Developers

7,363 followers

Passkeys are transforming authentication, but sometimes keeping the passkeys on a user's device consistent with the public keys on the server can pose a challenge. The WebAuthn Signal API helps avoid user confusion by letting servers tell password managers about changes to accounts, like deleted keys or updated usernames. This means smoother logins and less head-scratching for users when passkeys seem to disappear or have outdated info. Learn more about keeping passkeys consistent with public keys on the server → https://goo.gle/40SA0Nh #PasskeysWeek

  • Signal API for passkeys on Chrome desktop Starting from Chrome 132, Chrome desktop (macOS, Windows, Linux and ChromeOS) supports the Signal API that can keep the passkeys on passkey providers consistent with public key credentials on the relying party's server. When a passkey (a discoverable credential) is created, metadata such as a username and a display name are saved to the passkey provider (such as a password manager) along with the private key, and the public key credential is saved to the relying party's (RP's) server. Saving the username and display name helps the user to identify which passkey to sign in with, because the user is asked to select a passkey upon signing in. This is especially useful when they have more than two passkeys from different passkey providers. However, there are a couple of cases where differences between the passkey list on the passkey provider and the credential list on the server can cause confusion.
Felix Magedanz

Making the Internet more secure, one passkey at a time

4d

Signal API is extremely useful for the passkey ecosystem. Hopefully all browsers and OS will add support quickly.

Like
Reply
1 Reaction

To view or add a comment, sign in

Chrome for Developers

7,363 followers

View Profile

Explore topics