The security story for signature counters is subtle[2] and the vast (vast) majority of sites are correct not to require them.
Using the Chrome virtual authenticator indeed works, and from the DevTools UI directly (three dots -> More Tools -> WebAuthn), no sockets required. It's not a vulnerability that it works. If it didn't, Apple, Google, and Microsoft would be effectively the only possible passkey providers. You can lock it down in enterprise environments if you need[3].
[1] https://www.w3.org/TR/webauthn-3/#sctn-sign-counter [2] https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn... [3] https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn...
> I wanted cryptographic proof the signature is correct before trying to forge my own.
But you aren't forging anything? You are producing a signature from your own key material? I could be missing something important, certainly. But wouldn't this be earth shattering if you can forge a p256 signature? Apologies if I'm just not getting it.
> Today we will: ... Explore [...] cloning credentials.
Perhaps I didn't read it well enough yet, but I don't see any cloning going on here.
Lastly, a lot of work was done reverse engineering that could also have happened just from reading docs. I suppose from the POV of implementing a software passkey, it's useful to have written the tracing tools for help validating your own implementation. But it's presented as if you were uncovering a secret part of the protocol.
> Do Big Sites Care?
A more important question is: should they? Left as an exercise.
> reverse-engineering CTAP2 at the byte level,
Is it reverse-engineering? Feels more like decoding. Forgive me again if I didn't understand.
Their own key would not work (unless the attacker persistently MITMs them and swaps their own credential in for every subsequent authentication) or they'd see multiple credentials being present in their account.
It's also a good idea to send out an email for every new credential added.
Pretty confident that is out of scope for any reasonable threat model.
Didn't we already know this?
Edit: I may be misunderstanding the scope of attestation in a FIDO/Webauthn context. Is it a legitimate concern that it would lock out other OSes, or would you simply need a hardware key (or perhaps a TPM), but could run what you want above it?
We already do. Mostly from the compliance side: I can't call passkeys "phishing-resistant" unless I can lock them down into unexportable passkey providers only. Some more details from a previous comment of mine:
From a corporate compliance perspective, I need to ensure that employee keys are stored in a FIPS-compliant TPM and unexportable. Key loss is not an issue because we have, ya know, an IT department. The only way I can ensure this happens is by whitelisting AAGUIDs and enforcing attestation.
With these factors I can also get out of the MFA hellhole (because I can prove that whitelisted vendor X already performs MFA on-device without me having to manage it: for example, WHFB requires something you have (keys in your TPM) and either something you are (face scan / fingerprint) or something you know (PIN), without me having to store/verify any of those factors or otherwise manage them). Same goes for passkeys stored in MS Authenticator on iOS/Android.
I don't think this is accurate. As far as I know, no credential managers (except for maybe KeePassX) allow export of passkeys, and will instead only allow for secure transfer via the new Credential Exchange Protocol.
If it's "transferable", it's not phishing-resistant (ie it's possible for a user to get bamboozled into transferring their keys to a bad actor), right? Regardless of mechanism.
You might've missed the "FIPS" part as well. This requirement effectively means the keys (or the keys to decrypt the keys) must be stored in a tamper-resistant hardware crypto device (read: your TPM) and basically no credential managers (apart from the first-party ones we have whitelisted) use the TPM for storing your keys.
TPMs can't create hardware-attested passkeys, at least they couldn't do that with the TPM 2.0 spec.
And you can just use a USB hardware token to get attested keys. Or you can use WebAuthn over Bluetooth to your phone, essentially using your phone's secure enclave (or its equivalent) as the key source.
Being able to require attested passkeys is a _good_ thing.
That's the point.
> and you're requiring people to go buy another device for little to no real security benefit.
No. The benefit is clearly there: hardware-originated keys can not be stolen under any normal circumstances. Meanwhile, synced passkeys are just fancy login/password pairs, so they can be exfiltrated by an attacker. E.g. by scanning the RAM of the passkey manager.
Of course, the operating system can try to add additional barriers, but the underlying keys must at some point be in clear text form.
Normal people are however not concerned with these Mission Impossible scenarios, and random passwords are good enough while being easy to use without an IT department to fix when it goes wrong. A password manager (which every browser has built in) already associates passwords to domains for phishing resistance. Users already should never need to enter a password manually unless the site did something stupid to try to block the password manager from working.
Whut? Passkeys work perfectly fine for "normal people".
> The benefit is not clearly there because anything that can manipulate local memory can also just use the key directly
Correct. But it does require fairly high level of system access. Hardware-bound keys also allow full hardware-attested authentication.
> Normal people are however not concerned with these Mission Impossible scenarios, and random passwords are good enough while being easy to use without an IT department to fix when it goes wrong.
If you're using truly random passwords, then you're using a password manager. And if you're using a password manager, then why not just use passkeys?
All the popular password managers support them: BitWarden, 1Pass, iCloud Keychain, even LastPass.
Also like I keep saying, every browser already has a password manager. You don't need an external one. Notably though, Firefox's password manager doesn't support software passkeys, so they are completely unusable for me, for example. I'm certainly not going to sign up for some SaaS so I can use a worse version of passwords.
That’s an overly reductionist view.
Lots of password compromises still happen due to credential reuse across services, server-side compromises paired with brute-force-able passwords, and phishing/MITM attacks, and software-based WebAuthN credentials prevent all of these.
As far as I remember, attestation is fully gone on iOS ("Passkeys" or otherwise), and mostly gone on Android too.
It's unfortunately not possible to even request a non-synced credential anymore for non-MDM-approved websites.
If you want remote attestation, Safari already has it, but I'm not sure if their attempt at standardising is going anywhere. It's been a while since the draft got updated or mentioned anywhere.
No, Safari/Apple gave up on remote attestation when they introduced passkeys, except for MDM devices where the MDM profile can allow attestation for RP domains on an opt-in basis.
And even then, the attestation you get in that scenario is just an attestation that the passkey was created on a managed device. It is not a hardware/device attestation.
We know from the Web PKI how this goes. People who have no idea what they're doing copy-paste a "good" list in 2025, but in 2035 the fact a third of vendors on that "good" list are now known villains and another third went bankrupt doesn't change the problem that stuff on the list works and everything else doesn't, because it was mindlessly copy-pasted
Narrowly, the vendor attestation could make sense if you're BigBank and you bought every employee (or maybe every customer, I wish) a FooCo security key, you can require FooCo security keys. If you're big enough you could have FooCo make you a custom model (maybe with your company logo) and attest every key is the custom model. I expect Yubico would sell you that product, if you were willing to commit to the volume. You get assurance of the exact hardware properties, and you retain the option to shop around by updating your software to trust different attestation. IMO not worth standardizing, but people really wanted this and better it exists but isn't used than it doesn't exist so they walk away.
It took Apple to implement passkeys, for FIDO auth to become as popular as it is today. Apple does not attest because they were lazy. So yes, AFAIK only a few finance sites require attestation. (For internal auth, many IdPs can optionally require attestation, from limited signing authorities. Through federation this attested auth can be used elsewhere but I don't know of any mechanism for asserting that to any relying party.)
Yes, lazy. They knew that passkeys needed to be portable to other devices. Otherwise backups (well, recovery) would be impossibly difficult, as is the case with U2F today. The way the keys are passed around by Apple does not expose them, but they didn't bother to build an ecosystem where an attestation could also be portable (think: Security World). Why bother (it's fairly hard) when you can just not attest, and you have the weight to force everyone to accept it anyway? As long as you are within the Apple ecosystem, using a legitimate hardware-generated passkey, the attestation doesn't matter anyway. So screw everyone else.
FIDO should have rejected this approach but from the very beginning they were captured by the largest corporate interests.
Now to get back to your doubt, if a registration is attested, I would be surprised if it is ignored.
It's not "lazy", it's "impossible". If you want to have synced keys, you need to have them unencrypted. Otherwise, you need to be able to establish secure links between various secure hardware storage devices.
Apple can do that within their infrastructure, perhaps. But there's just no way to do that across multiple vendors.
> FIDO should have rejected this approach but from the very beginning they were captured by the largest corporate interests.
Why? Passkeys are a perfect replacement for login/password pairs. Their implementations can also be secured as much as possible by each vendor.
And you _can_ require attestation in your WebAuthn implementation, if you think that your data is too precious.
Sure there is!
Since some superior body (FIDO) needs to declare which are the valid (or "most valid") attestation certs, not unlike the web PKI, and attestation (at higher levels) "demands" that keymat be held strictly secure by the attesting device, the CXP can be modified such that if the keymat passes between two attesting (and "arms length") authenticators, both at the same FIDO MDS level (or receiver greater), a bit is set in the exchange which tells the new/receiving authenticator to include ED in the attestation statement. That ED will indicate that the keymat passed from the original authenticator to the new authenticator, securely ie without ever being wrapped in a way that the user themselves (thus malware) had access to wrapping keys. This ED could include an original attestation as well, or not. Probably not since it wouldn't be against a nonce. Anyway, the RP can see this ED and then accept the new attestation even against a different one at registration time.
Of course this requires use of CXP and not some proprietary (frictionless) self-sync mechanism. Making that CXP "friendly" is a bunch of work, the actual hard part IMO. There's a lot more I could go on about but everyone will have lost interest by now.
Apple doesn't care about portability, the opposite in fact. Claiming that as the reason is quite a stretch. But I'm not speaking to that, just to the possibility (very much so) of such an interoperable sync between attesting but disparate authenticators.
Yes, an RP can require attestation, and yes an RP can require that attestations be FIDO MDS certified, anyway. What Apple has done is made their own job easier, out of laziness I say, because without attestation, within their own ecosystem they now don't need to create "Security Worlds" where they can attest (with same attestation cert) across synced devices. This benefits Apple, and actually Apple users, since users' keys are safe/secure if using Apple authenticators, whether attested or not, and whether RP cares or not! But the weight of Apple means that relying parties have to give up on attestation since Apple doesn't do it.
Using attestation wouldn't preclude software authenticators such as ye olde password managers, so it wouldn't force a lockout of small tech that other sibling posts are claiming are Apple's virtuous motivations. As you are correctly noting, RPs can require attestation -- well, RPs can also not require attestation if your data is not all that precious. Just as some large U2F RPs didn't require attestation. (UX, not attestation, was more the issue for U2F.) FIDO can still make a strongly worded recommendation to keep attestation optional, but eg let users know they are using an "L1" not an "L2" authenticator. Apple could have pushed to make that happen, instead of pushing non-attestation. So I still submit they took the easy/lazy way out.
> perfect replacement
hardly. at least not so far as has been realized today. (perfect is too strong a word)
Apple has made clear statements in places such as WWDC talks that they believe attestations are bad for consumer privacy and consumer choice (migrating between Passkey providers, using Password Managers of their choice). They support attestations in very specific enterprise scenarios, so they didn't lazily ignore the work altogether, they just locked it behind a security fence (MDM environments).
Apple has put in extra work to champion other (optional) parts of the spec trying to provide some of what attestation was built to do, but in more privacy-focused/privacy-preserving ways.
> FIDO should have rejected this approach but from the very beginning they were captured by the largest corporate interests.
From the standpoint of consumer Passkey privacy it certainly feels a lot more that attestations were the capture by the largest corporate interests (both Google and Microsoft championed for them as core parts of the specs), and Apple's lone dissent of the big three is the one thing stopping FIDO from having made attestations required rather than optional.
Apple used to support attestation, so while their decision to discontinue it for passkeys might have many possible motivations, laziness is the least likely in my view.
My personal take is that they've done the world a favor by removing it. If they hadn't, Google would have probably followed suit (possibly even doing it in software using some handwavy "Safety Net" arguments), and 1Password, Bitwarden, Keepass etc. would be locked out of more and more sites.
This is not an accurate description of the point of Fido phishing resistance. It isn't to make a bank feel happy the user has a hardware key unless you choose attestation. It is to make the user happy that if they click the key they know is hardware on the wrong site then that site can't MITM a site they intend to authenticate to.
(Stopping users from reusing the protocol for security between passwords and real hardware keys is basically just forcing the DRM for SaaS aspect of attestation on people because you can. If you aren't the kind of institution that issued real tokens to account holders then it is none of your business.)
webauthn in software https://github.com/bodik/soft-webauthn
Unofficial bank API client using software passkey: https://github.com/eidorb/ubank