(base64) Identifies the type (e.g. make and model) of the authenticator.
The AuthenticatorSelection.authenticatorAttachment value returned by the request.
This is a signal that the authenticator may be cloned, i.e. at least two copies of the credential private key may exist and are being used in parallel. Relying Parties (applications) should incorporate this information into their risk scoring. Whether the Relying Party updates the stored signature counter value in this case, or not, or fails the authentication ceremony or not, is Relying Party-specific.
WebAuthn4JS.finishLogin compares the stored signature counter value with the new signCount
value returned in the assertion’s authenticator data. If this new signCount
value is less than or equal to the stored value, a cloned authenticator may exist, or the authenticator may be malfunctioning.
Generated using TypeDoc
Represents the user's authenticator device.