
How to test

  1. Prepare the authenticator that you want to test. Ideally, use it for the test only once; otherwise it might be necessary to delete the passkey and reset the authenticator's settings (e.g. disable PIN).
  2. Open https://webauthntest.identitystandards.io/. Be prepared to take screenshots of each system/browser dialog that appears. Try registering multiple times with all the different values mentioned below, and save the parameters used and the result each time.
  3. Click the "..." button and record the results of the diagnostic.
  4. Click the "+" button to create a passkey. Choose the following values:
    1. RP Info: This domain
    2. User Info: Bob
    3. Attachment: undefined
    4. Require Resident Key: true
    5. Resident Key (L2): required
  5. Try out these:
    1. User Verification: Discouraged/Required (the result should be identical)
  6. Leave User Verification: Required and try out these:
    1. Attestation: Enterprise/Direct/Indirect/None (or Undefined if nothing else works)
  7. Leave Attestation: None and try out these:
    1. CredProtect Extension: userVerificationOptional/userVerificationOptionalWithCredentialIDList/userVerificationRequired (or Undefined if nothing else works)
  8. Reset CredProtect Extension to Undefined and try out the signature algorithms by unchecking all checkboxes (Use ES256, Use ES384, Use ES512, Use RS256, Use EdDSA) and repeating the registration once for each algorithm (select only one algorithm at a time).

If there is an error like "Authenticator data cannot be parsed", it means that the selected combination of arguments is not supported by the examined authenticator.
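The registration variants from steps 4 to 8 can also be expressed as WebAuthn creation options, which is useful for repeating the same matrix against your own relying party. This is an added example, not code from the test site: the function names, the "Test RP" name and the starting value `attestation: "none"` for the User Verification cases are assumptions, and the challenge and user id are passed in by the caller.

```javascript
// Added example, not code from the test site. COSE ids are from the IANA COSE registry.
const COSE_ALG = { ES256: -7, ES384: -35, ES512: -36, RS256: -257, EdDSA: -8 };
const CRED_PROTECT = ["userVerificationOptional",
  "userVerificationOptionalWithCredentialIDList", "userVerificationRequired"];

// One entry per template row (1-14). Settings a step does not mention keep the
// value the previous step left them at (assumption: attestation starts at "none").
function buildTestMatrix() {
  const base = { userVerification: "required", attestation: "none",
                 credProtect: undefined, algs: Object.keys(COSE_ALG) };
  const cases = [];
  const add = (label, change) => cases.push({ id: cases.length + 1, label, ...base, ...change });
  for (const uv of ["Discouraged", "Required"])
    add(`User Verification: ${uv}`, { userVerification: uv.toLowerCase() });
  for (const att of ["Enterprise", "Direct", "Indirect", "None"])
    add(`Attestation: ${att}`, { attestation: att.toLowerCase() });
  for (const cp of CRED_PROTECT) add(`CredProtect Extension: ${cp}`, { credProtect: cp });
  for (const alg of Object.keys(COSE_ALG)) add(alg, { algs: [alg] });
  return cases;
}

// Map a test case to WebAuthn creation options using the fixed values from step 4.
function toCreationOptions(tc, challenge, userId) {
  const publicKey = {
    rp: { name: "Test RP" },            // no rp.id: defaults to the current domain
    user: { id: userId, name: "Bob", displayName: "Bob" },
    challenge,
    pubKeyCredParams: tc.algs.map((a) => ({ type: "public-key", alg: COSE_ALG[a] })),
    authenticatorSelection: {           // authenticatorAttachment left undefined
      requireResidentKey: true, residentKey: "required",
      userVerification: tc.userVerification,
    },
    attestation: tc.attestation,
  };
  if (tc.credProtect) publicKey.extensions = { credentialProtectionPolicy: tc.credProtect };
  return { publicKey };
}

// Run one case and return a result row. `container` is navigator.credentials in a
// browser; errors are recorded, not thrown, so unsupported combinations get logged.
async function runCase(tc, container, challenge, userId) {
  try {
    const cred = await container.create(toCreationOptions(tc, challenge, userId));
    return { id: tc.id, label: tc.label, ok: true,
             alg: cred.response.getPublicKeyAlgorithm(),
             extensions: cred.getClientExtensionResults() };
  } catch (err) {
    return { id: tc.id, label: tc.label, ok: false, error: `${err.name}: ${err.message}` };
  }
}
```

In a browser, call `runCase(tc, navigator.credentials, crypto.getRandomValues(new Uint8Array(32)), userId)` once per case, since each call triggers its own authenticator prompt.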

Fill in the detailed results in the following template:

Authenticator vendor
Authenticator model
Authenticator was set up for UV before test: yes/no
OS+version
browser+version
Platform authenticator (isUVPAA)
Conditional Mediation (Autofill UI)
CTAP2 support (Firefox)

1. User Verification: Discouraged


2. User Verification: Required
3. Attestation: Enterprise
4. Attestation: Direct
5. Attestation: Indirect
6. Attestation: None
7. CredProtect Extension: userVerificationOptional
8. CredProtect Extension: userVerificationOptionalWithCredentialIDList
9. CredProtect Extension: userVerificationRequired
10. ES256
11. ES384
12. ES512
13. RS256
14. EdDSA

Then send the results or add them to the table below.

Summarized results

| Authenticator vendor | Authenticator model | Authenticator was set up for UV before test | OS+version | browser+version |
|---|---|---|---|---|
| Yubico | YubiKey 5 | no | | |
| Yubico | YubiKey 5 | yes | | |
| Microsoft | Windows Hello | | Windows 10 without TPM | |
| Microsoft | Windows Hello | | Windows 10 with TPM | |
| Microsoft | Windows Hello | | Windows 11 (with TPM) | |






