Passkey (WebAuthn) authentication on Linux without external hardware keys

shanu4u88

I am implementing passkey / WebAuthn authentication using a custom login UI. The same WebAuthn code works correctly on Windows and macOS, where users are offered options such as:
  • Saving a passkey to a phone using a QR code
  • Using a platform authenticator (PIN/biometrics)
  • Cross-device passkeys (e.g., phone-based authentication)
However, on Linux machines, the browser only shows a prompt similar to:
“Use your security key. Insert your security key and touch it.”
There is no option for QR-code–based phone authentication or other platform-based passkey flows, even though the site and WebAuthn configuration are the same.
I would like to understand this behaviour from a Linux and browser support perspective, specifically:
  • What is the current state of platform authenticator support on Linux for WebAuthn/passkeys?
  • How do major browsers on Linux (Chrome, Chromium, Firefox) decide whether to show:
    • Platform authenticators
    • Cross-device (phone / QR code) passkeys
    • External hardware security keys
  • Is QR-code or phone-based passkey authentication supported on Linux at all, and if so, under what conditions?
  • Do Linux desktop components (e.g., libfido2, gnome-keyring, KDE Wallet, system services) affect passkey availability?
  • Are there known limitations or design decisions that cause Linux to default to external security keys only?
Ultimately, is it possible to achieve a passkey experience on Linux similar to Windows or macOS (without requiring external hardware security keys), or is this a current limitation of Linux platform authenticators and browser integration?

Any insights, explanations, or recommended approaches would be appreciated.
 


G'day shanu4u88, Welcome to Linux.org

This answer came from 'Search Assist' in DDG.

I am assuming you are already familiar with the info here

Passkey and WebAuthn authentication on Linux allows users to log in securely without traditional passwords, using methods like biometrics or PINs. However, support for features like QR-code-based authentication may be limited compared to other operating systems like Windows or macOS.

Overview of Passkey/WebAuthn Authentication on Linux

Passkey authentication, based on FIDO2 and WebAuthn standards, offers a secure alternative to traditional passwords. It uses cryptographic keys tied to user accounts, enhancing security by eliminating vulnerabilities associated with passwords.

Current State of Support on Linux

Platform Authenticator Support

  • Major browsers like Chrome, Chromium, and Firefox have varying support for platform authenticators on Linux.
  • Currently, Linux systems primarily prompt users to use external hardware security keys, lacking options for QR-code-based or phone-based authentication.

Browser Behavior

Browser  | Platform Authenticators | Cross-Device Passkeys | External Hardware Keys
Chrome   | Limited                 | Not supported         | Supported
Firefox  | Limited                 | Not supported         | Supported
Chromium | Limited                 | Not supported         | Supported

Implementation on Linux

System-Level Management

To implement passkeys on Linux, users can install necessary packages and configure PAM (Pluggable Authentication Module):
  1. Install required packages:
    • sudo apt install libpam-u2f
    • sudo apt install yubico-authenticator
  2. Configure PAM for passkey authentication:
    • Generate mappings: pamu2fcfg | sudo tee /etc/u2f_mappings
    • Add to PAM configuration: auth sufficient pam_u2f.so authfile=/etc/u2f_mappings

Browser-Based Implementation

  • Firefox supports passkeys through configuration settings.
  • Chrome/Chromium can also be configured for better passkey support.

Limitations and Challenges

  • The Linux ecosystem faces fragmentation in passkey implementation, making it difficult to achieve a user experience similar to Windows or macOS.
  • Current limitations often default to requiring external hardware keys, which can hinder usability.
By addressing these challenges, Linux users can enhance their authentication experience with passkeys, moving towards a more secure and user-friendly environment.
linux.org fidoalliance.org
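
The browser-behaviour question in this thread can be checked from the login page itself. The following is an added example, not code from any poster here: it probes the standard WebAuthn capability checks and derives the `hints` to pass in the credential options. The names `probePasskeySupport`, `passkeyHints` and `linuxLikeStub` are hypothetical, and the stub's values are constructed for illustration.

```javascript
// Probe what the browser reports before calling navigator.credentials.create(),
// so a custom login UI can explain why only the security-key prompt appears.
// `pkc` is injectable so the logic can be exercised without a browser.
async function probePasskeySupport(pkc = globalThis.PublicKeyCredential) {
  const caps = { webauthn: false, platform: false, hybrid: null, conditional: false };
  if (!pkc) return caps;                 // WebAuthn not exposed at all
  caps.webauthn = true;

  // Long-standing static checks.
  if (typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
    caps.platform = await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
  }
  if (typeof pkc.isConditionalMediationAvailable === "function") {
    caps.conditional = await pkc.isConditionalMediationAvailable();
  }
  // WebAuthn Level 3 capability map. Missing on older browsers, in which case
  // hybrid stays null ("unknown") instead of false.
  if (typeof pkc.getClientCapabilities === "function") {
    const c = await pkc.getClientCapabilities();
    if (typeof c.hybridTransport === "boolean") caps.hybrid = c.hybridTransport;
    if (c.userVerifyingPlatformAuthenticator === true) caps.platform = true;
  }
  return caps;
}

// Build the `hints` member for the creation/request options. Hints only order
// the browser's UI; they cannot make an unavailable authenticator appear.
function passkeyHints(caps) {
  const hints = [];
  if (caps.platform) hints.push("client-device");
  if (caps.hybrid !== false) hints.push("hybrid");   // reported true, or unknown
  hints.push("security-key");                         // always kept as fallback
  return hints;
}

// Constructed stub: a browser reporting no platform authenticator and no
// hybrid transport (sample values, not measured from any real browser).
const linuxLikeStub = {
  isUserVerifyingPlatformAuthenticatorAvailable: async () => false,
  isConditionalMediationAvailable: async () => false,
  getClientCapabilities: async () => ({
    hybridTransport: false,
    userVerifyingPlatformAuthenticator: false,
  }),
};
```

Logging the result of `probePasskeySupport()` on the same site from Windows, macOS and Linux browsers shows whether the difference comes from what the browser reports or from the options the page sends.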
 
This info might be a little dated.

Mostly sites that want a passkey, want an external device (android, iPhone, fob, etc..)
But if your computer supports it, you do have another option... biometrics.
Some passkey sites will let you do facial recog, or fingerprints.

Having said that, I never use biometrics, but it is sometimes an option.
The bad news, your PC needs a webcam or built-in or a fingerprint reader.
 
I use passkeys with this forum, on Fedora 43 with Librewolf. The support comes through my password manager's browser extension, which is Proton Pass. For this particular site, no external key nor biometrics is required.

This is how it looks:

[Image: passkey.gif]


Edit: amend browser name
 
It's very firefoxy. Just install it from your preferred repo (native or flatpak), and the rest is go and set the options to your taste.
 

