We're now live! Signup now
All the major browsers now support passkeys, however biometric support is often limited to those browsers with tight platform integration e.g. Safari on iOS and Chrome on Android.
These browsers are known to support passkeys as of April 2024.
Safari - Uses native biometics e.g. TouchID for user verification.
Chrome - Note: TouchID based user verification is not currently supported.
Firefox - Whilst firefox supports the wider WebAuthn API, it doesn’t yet
support platform authenticators - i.e. the user will need to use a dedicated
authenticator like a YubiKey.
Safari - Uses native biometics e.g. TouchID/FaceID for user verification.
Chrome - Note: TouchID based user verification is not currently supported.
Note: Windows does not sync passkeys, instead they are stored locally.
Edge - Uses Windows Hello facial recognition or PIN.
Chrome - As above.
Firefox - Whilst firefox supports the wider WebAuthn API, it doesn’t yet
support platform authenticators - i.e. the user will need to use a dedicated
authenticator like a YubiKey.
Chrome - Fully supported, including biometrics & syncing.
Please see the caniuse page for version specific support.
Founder
If you've followed the previous instalments in this series, you'll have built a SvelteKit app with passkey authentication, session management and authorization. It's functional, but it feels a bit clunky. Let's improve things.
In this tutorial you'll build on your previous work to integrate passkeys with Lucia users and sessions. You'll handle session creation, expiry and invalidation, and protect your routes using SvelteKit hooks.
In this tutorial you'll learn how to add passkey authentication to your SvelteKit apps. You'll register a passkey and use it to login. In subsequent tutorials I'll show you how to add session management, social login and more.
Passkeys are tied to specific (https) websites. Browsers won't use a private key intended for one website to sign a challenge generated by a different site.
Roaming authenticators allow users to sign in to a website on one device, using a passkey stored on a different device.
Passkeys enable two factor authentication (including biometrics). Users can even use a biometric enabled device e.g. iPhone FaceID to authenticate against a device lacking this capability e.g. a desktop.