Can I use WebAuthn on HTTP for development?

WebAuthn works on localhost (treated as secure context) but not on other HTTP origins. For development on non-localhost domains, use HTTPS with self-signed certificates or a tool like mkcert to create locally-trusted certificates.

What happens if the user loses their passkey?

If using a synced passkey provider (iCloud, Google), the passkey exists on all their devices. If all devices are lost, account recovery depends on your fallback authentication methods. Always offer an alternative login method alongside WebAuthn.

WebAuthn/FIDO2 Error — Passkey and Security Key Authentication Failures

Errorsecurity

Overview

Fix WebAuthn and FIDO2 authentication errors when passkeys, security keys, or biometric authentication fail during website login.

Key Details

WebAuthn (Web Authentication) is the browser API for passwordless login using FIDO2 credentials
It supports passkeys (synced), platform authenticators (fingerprint, face), and roaming authenticators (USB keys)
Passkeys sync across devices via iCloud Keychain (Apple), Google Password Manager, or Windows Hello
WebAuthn requires HTTPS and the relying party ID (domain) must match the website domain
Browser support: Chrome 67+, Firefox 60+, Safari 14+, Edge 18+ — but feature levels vary

Common Causes

Relying party ID (rpId) does not match the website domain or a valid subdomain
User cancelled the authenticator prompt or biometric check failed
Security key not supported — wrong protocol (FIDO U2F instead of FIDO2) or unsupported transport
Passkey created on a different device and not yet synced to the current device

Steps

1Check the error type: NotAllowedError (user cancelled), InvalidStateError (credential exists), SecurityError (domain mismatch)
2Verify rpId matches the website domain: rpId 'example.com' works on example.com and sub.example.com
3For passkeys: ensure the user's passkey provider (iCloud, Google) is synced on the current device
4For security keys: ensure the key supports FIDO2/WebAuthn (not just FIDO U2F for some operations)
5Provide fallback authentication (password, OTP) when WebAuthn fails

Related Items

browser-hsts-cannot-visit-site

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Passkeys are FIDO2 credentials that sync across devices via a cloud provider (iCloud, Google). Security keys are physical devices (YubiKey, Titan) that store credentials locally on the hardware. Passkeys are more convenient; security keys are more secure.

WebAuthn/FIDO2 Error — Passkey and Security Key Authentication Failures

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions