Versions Compared

Old Version 17

changes.mady.by.user Branko Marovic

Saved on

compared with

New Version 18

changes.mady.by.user Branko Marovic

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • For this test, you need a computer or mobile device and a hardware or software authenticator. It may be:
    • Hardware authenticator, such as a YubiKey.
    • Operating system authenticator, such as Touch ID or Windows Hello.
    • Software authenticator, such as tpm-fido.
    • Password manager with passkey support, such as Dashlane.
  • The actions performed during this test are parts of regular usage and should not affect it in any way. However, you may decide to use a brand-new authenticator, reset or clear it to avoid any conflicts during the test.
  • If necessary, delete the passkey that you create during this testing if it prevents you from creating it again. This should not happen, but if it does, please provide a screenshot and an accompanying note. If you are willing to, reset the authenticator's settings (e.g., disable PIN, unregister fingerprint).
  • xx
  • Then don't test it, or fill "yes" into "I registered a PIN/password/finger/face in the authenticator before the session".
  • Fill in the details in the table below:

...

Copy-paste the result on the right:
Put unsupported if there was an error{5055{


}}

  • Select Attestation: Direct and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right:
Put unsupported if there was an error{5060{


}}

  • Select Attestation: Indirect and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right:
Put unsupported if there was an error{5065{


}}

  • Select Attestation: None and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right:
Put unsupported if there was an error{5070{


}}

  • If none of the previous four tries worked,
    • Select Attestation: Undefined and click CREATE.
    • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the result on the right:
Put unsupported if there was an error{5075{


}}

  • If Attestation: Direct worked, select it; otherwise, if Attestation: Indirect worked, select it; otherwise select Attestation: Undefined.

...

  • Select CredProtect Extension: userVerificationOptionaland click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the

...

result on the right:
Put unsupported if there was an error

...

{80{


}}

  • Select CredProtect Extension: userVerificationOptionalWithCredentialIDListand click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error

...

{85{


}}

  • Select CredProtect Extension: userVerificationRequiredand click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error

...

{90{


}}

  • If none of the previous three tries worked, select
    • Select CredProtect Extension: Undefinedand click CREATE.
    • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the

...

result on the right:
Put unsupported if there was an error{95{


}}

  • If Attestation: Direct worked, select it; otherwise, if Attestation: Indirect worked, select it; otherwise select Attestation: Undefined.Select CredProtect Extension: Undefined (if not selected already).

Test cryptography

  • Uncheck all the following checkboxes: Use ES256, Use ES384, Use ES512, Use RS256, Use EdDSA.
  • Check Use ES256 and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste the

...

result on the right:
Put unsupported if there was an error

...

{100{


}}

  • Uncheck UseES256, check Use ES384 and  and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error

...

{105{


}}

  • Uncheck UseES384, check Use ES512 and  and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error

...

{110{


}}

  • Uncheck UseES512, check Use RS256 and  and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error{115{


}}

  • Uncheck .Uncheck UseRS256, check Use EdDSA
  • and click CREATE.
  • Follow the requested steps to create a passkey, then copy-paste the result from the web app.

Copy-paste

...

the result on the right:
Put unsupported if there was an error

...

I would skip this, and if needed, place some identifying labels above for easier extraction from test results pages.

The results will be aggregated into the summarised table below.

...

1. User Verification: Discouraged

{120{


}}

...