
Test 1: Register a Passkey

Triggers the native browser/OS biometric prompt to create a credential. The credential is discarded after the test; nothing is stored.

Test 2: Authenticate with Passkey

Tests navigator.credentials.get(), the authentication flow. Works with any existing passkey saved on this device.

What Are Passkeys?

Passkeys are the modern replacement for passwords. They use public-key cryptography and your device's biometrics (TouchID, FaceID, Windows Hello, YubiKey) to authenticate you.

Unlike TOTP codes, passkeys are phishing-resistant: the private key never leaves your device, and credentials are bound to the specific website domain.

TOTP (current 2FA): 6-digit code, changes every 30s, manual entry, susceptible to phishing
Passkey (next-gen): Biometric, no codes, phishing-resistant, built into OS/browser

About This Tool

This tool tests whether your browser and device support WebAuthn passkeys, the FIDO2-based standard for passwordless authentication. It calls navigator.credentials.create() to register a test passkey and navigator.credentials.get() to authenticate with it. No credentials are sent to any server. Use this to verify that Touch ID, Face ID, Windows Hello, or a hardware security key (YubiKey) works correctly in your browser before implementing WebAuthn in an application.

How to Use

  1. Click Register Passkey. Your browser will prompt for biometric (Touch ID, Face ID, Windows Hello) or security key authentication.
  2. Approve the prompt. The tool shows the credential ID and public key details.
  3. Click Authenticate to test signing with the registered credential.
  4. A success message confirms your device and browser fully support passkeys.

Frequently Asked Questions

What is a passkey?

A passkey is a FIDO2 credential that replaces passwords with public-key cryptography. Your device stores a private key; the server stores the matching public key. Authentication requires proving possession of the private key using biometrics or a PIN without ever transmitting a password.

Is this better than 2FA with TOTP codes?

Yes, in most cases. Passkeys are phishing-resistant because the private key is bound to the specific website domain: a fake phishing site cannot trigger authentication for the real site. TOTP codes can be phished in real time by a fake login page.
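The domain binding described above is something the server (relying party) confirms on every login. The following Node.js code is an added example, not this tool's code: the site example.com and the names EXPECTED, checkAssertionBinding and buildSample are assumptions, the sample data is constructed, and requiring user verification is an assumed policy. It covers the origin and RP ID checks only; signature verification is a separate step.

```javascript
// Added example: relying-party checks that bind a WebAuthn assertion to one site.
const { createHash } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Assumed relying-party settings (hypothetical site, not from the page).
const EXPECTED = { rpId: 'example.com', origin: 'https://example.com' };

// Returns the names of failed checks; an empty array means the binding checks passed.
function checkAssertionBinding(clientDataJSON, authenticatorData, expectedChallenge, expected = EXPECTED) {
  const failures = [];
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') failures.push('type');
  // The challenge must be the one this server issued for this login attempt.
  if (clientData.challenge !== expectedChallenge) failures.push('challenge');
  // The browser, not the page script, records the origin the user is actually on.
  if (clientData.origin !== expected.origin) failures.push('origin');
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) ...
  if (authenticatorData.length < 37) return failures.concat('authenticatorDataLength');
  const rpIdHash = authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(expected.rpId))) failures.push('rpIdHash');
  const flags = authenticatorData[32];
  if ((flags & 0x01) === 0) failures.push('userPresent');   // UP bit
  if ((flags & 0x04) === 0) failures.push('userVerified');  // UV bit (assumed policy: required)
  return failures;
}

// Constructed sample data standing in for what a browser and authenticator return.
function buildSample(origin, rpId, challenge, flags = 0x05) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags]), Buffer.alloc(4)]);
  return { clientDataJSON, authenticatorData };
}

const challenge = 'Y29uc3RydWN0ZWQtY2hhbGxlbmdl'; // constructed base64url value
const genuine = buildSample('https://example.com', 'example.com', challenge);
// An assertion produced on a different domain carries that domain's origin and RP ID hash.
const otherSite = buildSample('https://login.example.net', 'login.example.net', challenge);

console.log(checkAssertionBinding(genuine.clientDataJSON, genuine.authenticatorData, challenge));
console.log(checkAssertionBinding(otherSite.clientDataJSON, otherSite.authenticatorData, challenge));
```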

My browser says WebAuthn is not supported. What do I do?

WebAuthn requires a modern browser (Chrome 70+, Firefox 60+, Safari 14+) on a supported OS. If you're on Windows 7 or an older Android, upgrade your browser. The feature also requires HTTPS; it does not work on HTTP pages.