
Managing webauthn credentials across multiple devices

I am trying to integrate WebAuthn (public key) based authentication into our website. I am facing a problem when end users are switching devices.

How do we maintain at the backend the credentials registered per device? If we don't, how do we decide whether to show WebAuthn-based auth or not for the current device?

These are the only solutions I could think of:

  1. Use localStorage, cookies, etc. to store a device identifier, but all of these can be cleared by the end user
  2. If keys are registered on one device, we show them WebAuthn on every device, and if keys can't be found we ask them to register on this device

You're highlighting one of the key issues that WebAuthn currently has, especially for platform authenticators like Windows Hello, Touch ID, etc.

The solutions you suggest are basically all you can do, but be aware that both are far from perfect. Especially local storage can be a real rabbit hole.

You may want to take a look at FIDO Alliance's latest white paper around "multi-device FIDO credentials" where you'll learn what the industry is doing to improve the situation: https://fidoalliance.org/white-paper-multi-device-fido-credentials/
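
The two approaches discussed in this thread can be combined into one decision step. The sketch below is an added example, not part of the original question or answer; the record shape, the function names (`isDeviceBound`, `planSignIn`, `afterAssertionError`) and the returned strings are assumptions, and the credential list is constructed sample data.

```javascript
// Added example; record shape, field names and return values are assumptions.
// One server-side record per registered credential. `transports` is what
// AuthenticatorAttestationResponse.getTransports() returned at registration.
const CONSTRUCTED_CREDENTIALS = [
  { id: "cred-laptop", transports: ["internal"] },   // platform authenticator
  { id: "cred-key", transports: ["usb", "nfc"] },    // roaming security key
];

// A credential whose only transport is "internal" lives in one device's
// platform authenticator. Unknown (empty) transports are treated as portable.
function isDeviceBound(cred) {
  return cred.transports.length > 0 && cred.transports.every(t => t === "internal");
}

// env.platformAvailable: resolved value of
//   PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
// env.hintId: credential id remembered in localStorage, or null. It is only a
//   hint: the user can clear it, so its absence proves nothing.
function planSignIn(credentials, env) {
  const hinted = credentials.some(c => c.id === env.hintId);
  const usable = credentials.filter(c => !isDeviceBound(c) || env.platformAvailable);
  // Ids are shown as strings; decode them to bytes before navigator.credentials.get().
  const allowCredentials = usable.map(c => ({ type: "public-key", id: c.id, transports: c.transports }));
  if (usable.length === 0) {
    return { primary: "password", allowCredentials, offerEnroll: env.platformAvailable };
  }
  return {
    primary: hinted ? "webauthn" : "choice",   // "choice": WebAuthn button beside the password form
    allowCredentials,
    offerEnroll: !hinted && env.platformAvailable,
  };
}

// NotAllowedError covers "no matching credential on this device", user cancel
// and timeout alike, so fall back without deleting any server-side record.
function afterAssertionError(errorName, plan) {
  if (errorName !== "NotAllowedError") return "show-error";
  return plan.offerEnroll ? "password-then-enroll" : "password";
}
```

Because the local hint only changes which option is shown first, clearing localStorage degrades the experience to the "choice" screen rather than locking the user out.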
