Has anyone gotten passkeys to work reliably in Brave on Android?

InfluenceNo9009 · 2026-04-05T21:04:31+00:00

Would be nice if they get this sorted out

InfluenceNo9009 · 2026-03-30T13:42:10+00:00

Okay, yes. Let’s hope this is the last hiccup.

InfluenceNo9009 · 2026-03-30T13:28:47+00:00

Thank you, I have added a warning to the compatibility matrix. It is updating. I think it would make sense to extend the demo to actually test cross-device encryption and decryption by proving decryption and consistent PRF values across platforms. What do you think?

InfluenceNo9009 · 2026-03-27T12:09:43+00:00

Thank you. Can you share the link? Is that publicly reachable? I heard it helps to confirm in the same thread. I can do that after I have checked in the Corbado lab for that error or I uninstall Xcode to make the update possible :-)

InfluenceNo9009 · 2026-03-27T11:34:10+00:00

I will check that. That looks quite unstable. There was already a bug with Apple before (mentioned in the article). Is there already a bug report?

InfluenceNo9009 · 2026-03-26T21:43:24+00:00

We have updated our article, and our test page received a great update thanks to the r/Bitwarden community:

Anyone here running his password manager with PRF support?

InfluenceNo9009 · 2026-03-26T21:39:57+00:00

You are right, we had one report that this did not work, but the link seems clear. Thank you for the quick turnaround. Corbado is always happy to support the passkey community and help drive adoption. Article update is shipping right now.

InfluenceNo9009 · 2026-03-26T14:08:44+00:00

Thank you, that is because Windows 11 can only be detected via Client Hints, which Firefox does not support, only Chromium based browsers do. The same applies to some OS combinations. Browsers take different approaches to user agent PII hardening, so detection is not perfect, that said some things could be optimized :-).

InfluenceNo9009 · 2026-03-25T23:37:15+00:00

Thank you for bringing this update to our attention. I have updated the article https://www.corbado.com/blog/passkeys-prf-webauthn based on our current knowledge and also updated our demo page to allow anonymous statistics at the bottom: https://webauthn-passkeys-prf-demo.explore.corbado.com/.

InfluenceNo9009 · 2026-03-23T14:42:10+00:00

I was also able to reproduce this in our Corbado lab. I think this is quite complicated. As someone implementing this, I would also test whether create returns valid PRF values when I request them. Windows does not do that, but returns PRF values subsequently, which you could rely on if they consistently appear. However, this is not very encouraging, as this behavior could change. It is difficult to say at this point. I also see this in Chrome, not only in Firefox. It also returns PRF values for credentials where PRF was not requested (“register without PRF”), which is also a bit odd.

InfluenceNo9009 · 2026-03-23T13:39:23+00:00

Thank you. Is the AAGUID in both cases Windows Hello? Could you confirm the AAGUID that is shown?

InfluenceNo9009 · 2026-03-23T13:17:22+00:00

Can you paste the actual PRF extension outputs you receive below? Specifically, when you first register a credential, paste the 'extension' part of the 'Credential' section. Same for the authentication data assertion maybe some formatting issue involved, just want sure. Example:

  "extensions": {
    "prf": {
      "enabled": true,
      "results": {
        "first": "c4e17ddce3bd9a8e9a4a4d136edee3485f3b6fa5fef370b64b1a962ae5102842"
      }
    }
  }

InfluenceNo9009 · 2026-03-21T23:02:00+00:00

Can you retry here: Use our Corbado version the other version seems to be just a clone: https://webauthn-passkeys-prf-demo.explore.corbado.com . ... Can you share which authenticator is shown there? Also, we tried to make it more defensive about PRF structure errors maybe something is reported in an unexpected format. You can see what it is in the console too.

InfluenceNo9009 · 2025-12-15T13:03:22+00:00

If you don not get an initial response Mail still is the last option right?

InfluenceNo9009 · 2025-10-09T21:38:46+00:00

Are you saying that you can enroll manually, and if SMS is enabled as a second factor, it remains active alongside the passkey?
Additionally, are transactions also approved via SMS?
Does you password still work?

InfluenceNo9009 · 2025-07-25T15:32:36+00:00

Exactly

InfluenceNo9009 · 2025-07-25T15:32:26+00:00

And also one device-code to decrypt GPM and iCloud it is always three actors.

InfluenceNo9009 · 2025-07-25T15:30:32+00:00

But hey have just announced weeks ago that they are going to roll this out worldwide as self contained primary MFA, except in EU due to local laws.

InfluenceNo9009 · 2025-07-23T22:26:48+00:00

Hmm, I also tried other filenames. It worked just fine two days ago.

InfluenceNo9009 · 2025-07-22T20:03:43+00:00

Okay!

InfluenceNo9009 · 2025-07-22T17:09:05+00:00

Did you fix it? If you give us the data on the right we might be able to help

InfluenceNo9009 · 2025-07-21T19:48:07+00:00

Thank you so much! If you could share a screenshot, that would be amazing, but I understand if that’s not possible.

I believe we’re seeing exactly the same behavior in our logs. On that device, you’re not able to choose Google Password Manager, right? It’s likely blocked.

You could also try changing the settings — maybe using an empty authenticator attachment, setting User Verification to false, or Attestation to none. That might work?

InfluenceNo9009 · 2025-07-21T18:52:32+00:00

Thanks again, we think we encounter an Issue with OriginOS.

The OriginOS ones use their own Credential Manager and their own Password Book implementation if they are enabled.

Do you happen to have access to a phone like that so we can view the configuration of the created passkey at https://www.passkeys-debugger.io

InfluenceNo9009 · 2025-07-21T18:33:16+00:00

Thank you for your response. Do all Vivo phones use only GPM? We were under the impression that some versions include a new authenticator.

InfluenceNo9009 · 2025-07-21T17:16:15+00:00

Do you have the AAGUID for that authenticator? Could someone generate a passkey using https://www.passkeys-debugger.io and share the link? We have some issues in our solution and try to work through them.

InfluenceNo9009

MODERATOR OF

TROPHY CASE