My company recently passed FIDO2 L1 certification for our authenticator, which supports only CTAP 2.0 (version "FIDO_2_0"). We then discovered the issue that 2-step verification for Google accounts requires U2F, so we're in the process of adding U2F/CTAP1 support (version "U2F_V2"). Do we need to get a separate U2F certification or can we amend our existing FIDO2 certification?
When we try to run tests in "FIDO Conformance Tools v1.75 || U2F1.1/1.2 - MDS3", some of the tests fail because it expects our metadata statement to show us as a U2F authenticator, and the conformance tests for FIDO2 don't have any U2F/CTAP1 tests. It's a little confusing.
Any guidance is highly appreciated.
Thanks,
Greg