Known Issues
A list of known issues with passkey implementations
According to Samsung documentation ( source), Samsung Pass creates synced passkeys which are available on other devices where Samsung Pass is installed.
During testing on 2024-09-05, it was observed that passkeys created in Samsung Pass return the backup eligible flag as false, signaling a device-bound passkey.
Test device details:
{
"id": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
"rawId": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
"response": {
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIgWXza-be0D1PEO71VmL0sK0vsFL23vXmuEWsIMDC630cCIQDI94Li83tC9ObYsl_KLeetJYJF1LYhX4P4-LrPleUQJmN4NWOBWQJoMIICZDCCAgigAwIBAgIJAPV8v0W8CvhMMAwGCCqGSM49BAMCBQAwgaYxHzAdBgNVBAMTFlNhbXN1bmcgRWxlY3Ryb25pY3MgQ0ExHDAaBgNVBAoTE1NhbXN1bmcgRWxlY3Ryb25pY3MxFzAVBgNVBAsTDlNhbXN1bmcgTW9iaWxlMRMwEQYDVQQHEwpTdXdvbiBjaXR5MQswCQYDVQQGEwJLUjEqMCgGCgmSJomT8ixkAQEMGlNhbXN1bmdEZXZpY2VSb290Q0FLZXlfRUNDMB4XDTIzMDkxOTA1NDkxNFoXDTQzMDkxNDA1NDkxNFowfzELMAkGA1UEBhMCS1IxHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ryb25pY3MxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xLjAsBgNVBAMMJVNhbXN1bmcgRWxlY3Ryb25pY3MgRklETzIgQXR0ZXN0YXRpb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQZokK4d5QdhN9fFJTb_T206U1WmxQRCJbqb-UCaq9siPVKBA6TaSrPCIU8GjeXbUa85FYYH6EMWh_QOnNjQWWbo0MwQTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIGwDAhBgsrBgEEAYLlHAEBBAQSBBBTQU1TVU5HAAAAAAAAAAAAMAwGCCqGSM49BAMCBQADSAAwRQIhAIBCXe_4AlECip2G3nTS0GrRtIHbaVW_0hLy8ys3EdyoAiAETMcz76gqzLoHQODkkk_nbSEu0WAGPh7bK3Y-1m6uZWhhdXRoRGF0YVikdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiaGJBaUtkcE5YOTBFYVlZTlAtaVFTbjBGTGlHSnFCUFdUQUJEbkI4ZnhxenNpQzdxNlYxUUNJcUZMTlVwdTBMQWx5WHMxaE1ETFhOVld6N0hOQl8wanciLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
"transports": [
"hybrid",
"internal"
],
"publicKeyAlgorithm": -7,
"publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETkdAOwTRnQqt68SbrvAXA3jej0HyE1CCXdUhb6K5pMzcE9pn7rxH0TR2X6-IpB2MsH_tBj3NZ08PXVig_TRPgg",
"authenticatorData": "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I"
},
"type": "public-key",
"clientExtensionResults": {
"credProps": {
"rk": true
}
},
"authenticatorAttachment": "platform"
}The following list of passkey providers have not implemented User Verification in a spec-compliant manner.
| Provider | Architecture | uv=required | uv=preferred |
|---|---|---|---|
| 1Password | Extension | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| 1Password | Native | ✅ Performs UV | ✅ UV flag accurate |
| Bitwarden | Extension | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| KeepassXC | Extension | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| Okta Personal | Extension | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| Proton Pass | Extension | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| Proton Pass | Native | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
| Strongbox | Native | ❌ Handles request without performing UV, sets UV true | ❌ Sets UV true without performing UV |
Architecture:
Extension= web browser extension,Native= OS native app using provider APIs