[Webkit-unassigned] [Bug 271747] New: webauthn autofill no longer prefers passkeys

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 26 23:52:01 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=271747

            Bug ID: 271747
           Summary: webauthn autofill no longer prefers passkeys
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: james at manger.com.au

A sign-in process that supports passkey and username+password options will often start with a form with a username field that has autocomplete="username webauthn" and a webauthn sign-in started with conditional-mediation. The user will often have a password saved for the site (in the iOS and/or Chrome password manager). Users with a passkey will also have that in their password manager.

iOS used to offer a great user experience (on iOS 17.3 with Chrome or Safari). Safari and Chrome would offer passkey as the first choice. Tap the username field; tap your offered passkey; Face ID; and you are signed-in.

Now the experience has been broken in many circumstances.

Chrome will offer the saved password, not the passkey. The key icon beside the offered password option brings up a list with passwords and passkeys; however selecting the passkey does not work -- it autofills username+password, but does not perform a passkey sign-in.

Safari will sometimes offer the passkey and sometimes a password. The key icon beside the offered password option brings up a list with passwords and passkeys; however selecting the passkey does not work -- it autofills username+password, but does not perform a passkey sign-in.

The option to sign-in with a cross-platform passkey is no longer available.

It is no longer clear how or if a website can trigger a great user experience that supports a customer base with mix of passkeys, passwords, and both.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240327/72ea2334/attachment.htm>

More information about the webkit-unassigned mailing list