Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To ensure a successful test of the authenticator, please follow these steps:

  • For this test you need a computer or mobile device and a hardware or software authenticatorPrepare the authenticator that you wish to test. It is recommended to use it only for this test to avoid any conflicts. If necessary, delete the passkey. If you are willing to, reset the authenticator's settings (e.g., disable PIN, unregister fingerprint).
    • It may be a hardware authenticator, such as a YubiKey. It may be:
    • Sperating an operating system authenticator, such as Touch ID or Windows Hello.
    • It may be a software Software authenticator, such as tpm-fido.
    • It may be a password Password manager with passkey support, such as Dashlane.
  • The actions performed during this test are parts of regular usage and should not affect it in any way. However, you may decide to use a brand-new authenticator, reset or clear it to avoid any conflicts during the test.
  • If necessary, delete the passkey that you create during this testing if it prevents you from creating it again. This should not happen, but if it does, please provide a screenshot and an accompanying note. If you are willing to, reset the authenticator's settings (e.g., disable PIN, unregister fingerprint).
  • Then don't test it, or fill "yes" into "I registered a PIN/password/finger/face in the authenticator before the session".
  • Fill in the details in the table below:

$$Tester:
@ (name yourself)$${10{


}}$$Date:
Use '//' wiki date$${15{

}}$$Authenticator (or device) vendor:
Yubico, Apple, Dell, HP, Android phone brand...$${3{

}}$$Authenticator (or device) model:
YubiKey 5, iPhone 13, PC model name, MacBook year size, MacBook Air year size, MacBook Pro year size...$${20{

}}$$OS and its version:
iOS 13, macOS 10.5.8, Windows 10 22h2, Windows 11 22h2, Android 13...$${25{


}}$$Browser and its version:
Chrome 114, Firefox 114...$${30{

}}$$I registered a PIN/password/finger/face in the authenticator before the session:

Enter yes or no$$
{35{


}}$$

  • Be prepared to capture screenshots of each system/browser dialogue that appears. Later in this process, you will register a passkey multiple times.

...

$$}}Copy-paste the diagnostic results on the right as text (rows are labeled labelled the same):

Platform authenticator (isUVPAA):


Conditional Mediation (Autofill UI):


CTAP2 support (Firefox):

$$


{40{


}}$$

Set repeated settings

  • Click the "+" button to create a passkey. Choose the following values:
    • RP Info: This domain
    • User Info: Bob
    • Attachment: undefined
    • Require Resident Key: true
    • Resident Key (L2): required

...

Capture screenshots during the first test in each step, plus any time a new screen appears in any other test. (Usually, all tests will look the same, .

  • Capture and paste below the screenshot of various prompts, screens, dialogues, questions or messages that show up during passkey registration as you encounter them.
    • If some options are offered, snapshot them as well, but do not change anything.
    • There is no need to repeat similar screenshots, you can also add a text note if find an error or something interesting.
    • As you see additional screens during subsequent interactions, just add them here. Usually, interactions will look mostly the same, so there is no need to take duplicate screenshots.

...

Paste screenshots here in this table or as otherwise suitable:

















Test User Verification

  • Select User Verification: Discouraged and click CREATE.

...

Paste screenshot(s) on the right:
If some options are offered, snapshot them, but do not change anything.

  • CopyFollow the requested steps to create a passkey, then copy-paste the result from the web app.

$$UVUCopy-paste the result on the right:
Put unsupported if there was an error$${45{


}}$$

  • Select User Verification: Required and click CREATE.


  • CopyFollow the requested steps to create a passkey, then copy-paste the result from the web app.

$$UVRCopy-paste the result on the right:
Put unsupported if there was an error$$

$$

{50{


}}AND SO ON...

Test Attestation

  • Select Attestation: Enterprise and click CREATE.
    1. Copy-paste the resulting registration data into row 3. Attestation: Enterprise, or input "unsupported" if there was an error.
  • Select Attestation: Direct and click CREATE.
    1. Copy-paste the resulting registration data into row 4. Attestation: Direct, or input "unsupported" if there was an error.
  • Select Attestation: Indirect and click CREATE.
    1. Copy-paste the resulting registration data into row 5. Attestation: Indirect, or input "unsupported" if there was an error.
  • Select Attestation: None and click CREATE.
    1. Copy-paste the resulting registration data into row 6. Attestation: None, or input "unsupported" if there was an error.
  • If none of the previous four tries worked, select Attestation: Undefined and click CREATE.
    1. Copy-paste the resulting registration data into row 6. Attestation: None, or input "unsupported" if there was an error.
  • If Attestation: Direct worked, select it; otherwise, if Attestation: Indirect worked, select it; otherwise select Attestation: Undefined.

...