Hacker News new | ask | show | jobs
by lxgr 356 days ago
> Or you can use WebAuthn over Bluetooth to your phone, essentially using your phone's secure enclave (or its equivalent) as the key source.

As far as I remember, attestation is fully gone on iOS ("Passkeys" or otherwise), and mostly gone on Android too.
1 comments
cyberax 356 days ago
It's still there. You can request an attested credential, it just won't be synced.
link
lxgr 356 days ago
Not on iOS, except for devices with MDM profiles explicitly opting a given RP domain in.

It's unfortunately not possible to even request a non-synced credential anymore for non-MDM-approved websites.

link