Syncing of older credentials

[Kevin Goldman]

Hi All,

I hear conflicting stories in the community around this topic and I'm seeking clarificaiton from the leaders who know the facts — or as factual as possible : ). 

• QUESTION: If Alix (an end user) created a FIDO credential on acme.com with her iPhone or Android phone using WebAuthn 12 months ago—before passkeys were introduced or supported—will that credential become a passkey and be sync'd to Apple and Google now that she's running the latest Apple or Android operating systems? 
• RELATED: same for Microsoft when support for passkeys become supported. 
  
• RELATED: is there any interaction whatsoever that Alix needs to have with the 12 month old credential so that it's now sync'd with Apple or Google?

Thanks,

- Kevin

[Tim Cappalli]

Apple behavior is documented here: https://passkeys.dev/docs/reference/macos/#legacy-credentials

Android did not support discoverable credentials prior to passkeys, so there would be nothing to sync.

Hardware-bound credentials in Windows cannot become unbound to hardware when passkey support is added.

RP's can decide to initiate a creation flow at anytime if they want to "upgrade" the user to a standard passkey.

tim

---

From: fido...@fidoalliance.org <fido...@fidoalliance.org> on behalf of Kevin Goldman <goldma...@gmail.com>
Sent: Tuesday, January 17, 2023 13:23
To: FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Subject: [FIDO-DEV] Syncing of older credentials

 

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/be6ac257-f02c-4b55-973f-a6abf752302fn%40fidoalliance.org.