Is there a way to get a stable unique identifier for a U2F device using the Web Authentication API (WebAuthn)?

Question

I would like to build an authentication system where a user can not provide any information (no username, email, etc.) and simply use their U2F device to identify themselves as well as authenticate.

From what I can tell from looking at the Web Authentication API, it appears that the U2F device will create a new public key every time create() or get() is called.

Is there a way to get a stable id from a U2F device that can be used for identification?

score 1 · Answer 1 · answered Oct 13 '18 at 20:39

1

No, this will not work. Because U2F can be used with multiple identities.
WebAuthn proves that you are a specific identity. So you have to provide this information.

answered Oct 13 '18 at 20:39

Markus

512
1
4
21

Is there a way to get a stable unique identifier for a U2F device using the Web Authentication API (WebAuthn)?

1 Answers1