Passkeys - what happens to my FIDO credentials when I move to passkeys?

Question

Created Aug ’22

Replies 2

Boosts 0

Views 1.8k

Participants 2

Hi everyone,

I have a website using FIDO2/WebAuthn. My current users have their FIDO credentials on the phone. As far as I understand, those credentials will not automatically synchronize with Passkeys when those users switch to iOS16 (meaning that their FIDO credential can't be used cross-device automatically). Is it true that, for example, if the keys were created with iOS15 on the phone, users will need to scan a QR Code on the desktop the first time to create the passkeys and add them to the iCloud Keychain?

If this was just too confusing let me know :) the bottom line is understanding if there is a way to "migrate" existing FIDO credentials created before iOS16 to Passkeys without scanning the QR Code one time.

Thanks!

Boost

Answer 1

Systems Engineer OP

Apple

Aug ’22

For users with legacy (i.e. device-bound) platform credentials, those credentials will continue to work after upgrading to iOS 16, but they will not sync or show up in the password manager. If you would like to upgrade an existing legacy credential to a passkey, you can do that! By rotating the credential (as defined in the WebAuthn spec, or see the "Change or reset a passkey" section here) on a device running iOS 16, the existing legacy credential will be replaced with a passkey.

0

Answer 2

craimundo OP

Aug ’22

Hi,

Thanks for the prompt response.

I was talking about credentials created on the phone but through WebAuthn on the browser, not native apps (the documentation you refer to is about native apps). Anything similar but for the web specs? I couldn't find in the webAuthN spec the rotating the credential concept. Maybe you can help me with a URL?

Thanks!

0