Introduction

FAQ

For any questions not answered here, feel free to start a discussion on the repo.

Does this store the user's fingerprint, PIN or patterns on my application? No. We only store the public key generated by the device.

Can a phishing site steal WebAuthn credentials and use them on my site? No. WebAuthn prevents phishing attacks.

Can WebAuthn data identify a particular device? No. Unless explicitly requested and authorized by the user.

Can a user register multiple devices? Yes. We suggest placing limits on how many devices a user may register, however.

Is front-end JavaScript included? Yes, however we only provide scripts required to trigger the WebAuthn prompts. You are responsible for writing JavaScript for your UI to communicate with our scripts.

Previous
Questions & Issues
Caught a mistake? Suggest an edit on GitHub