Windows
Local Authenticator
(create and use passkeys from the local device)
PlannedExternal Authenticator
(create and use passkeys from another device)
Partially SupportedOverview
Windows Hello, the local platform authenticator in Windows 10 and 11, has the following capabilities:
- creating and using device-bound passkeys on the local device
- creating and using device-bound passkeys on a FIDO2 security key
The following is also possible in both Windows 10 and 11:
- using passkeys from iOS and iPadOS devices in Chrome (108+) and Edge (108+) for signing in to web services using FIDO Cross-Device Authentication
- using passkeys from Android devices in Chrome (108+) and Edge (108+) for signing in to web services using FIDO Cross-Device Authentication
Platform Notes
- The authenticatorAttachment property of responses, planned for specification delivery in WebAuthn L3, is not currently available in responses to
navigator.credentials.getwhen using the platform authenticator or a hardware security key. It is supplied during credential creation, or when using FIDO Cross-Device Authentication for an authentication ceremony.
Cross-Device Authentication
Windows does not currently support FIDO Cross-Device Authentication (CDA) globally at the operating system level. CDA is available, however, directly in both Chrome and Edge on Windows 10 and 11.
Persistent linking is available between Android devices (authenticator) and Chrome and Edge (clients) on Windows. iOS and iPadOS do not support persistent linking.
Resources
Coming Soon
Last Updated: Sep 15, 2023