The following table outlines common use cases and their expected behaviors when using security key authentication.
The results can vary from those described in the table if policy rules are applied. For more information, see PingID authentication policy.
| Paired devices | Browser | Results | Reason |
|---|---|---|---|
|
Security key only |
WebAuthn compliant |
The user is prompted to authenticate using their security key. |
Security key is the only allowed authentication method and the browser supports WebAuthn, so the user can authenticate using their security key. |
|
WebAuthn compliant |
The user is prompted to authenticate using their security key. If Prompt to Select is enabled, security key appears in the list of authentication options. |
The browser supports security key, which is the user's primary device. |
|
Security key only |
WebAuthn compliant |
Something went wrong. Try again later. displays. |
The user did not tap the security key within the required time, or the relevant browser window was not selected when they tapped the security key button. The user should click Retry and authenticate again. |
|
Security key only |
Not WebAuthn compliant |
Cannot authenticate with this device displays. |
The browser does not support the user's current authentication method. The user should try a different browser that is WebAuthn compliant, such as the latest version of Chrome. |
|
Not WebAuthn compliant |
The user is prompted to authenticate using the next paired device, in this case email or SMS. If Prompt to Select is enabled, security key does not appear in the list of authentication options. |
The browser is not WebAuthn compliant and does not support the use of a security key. Secondary authentication method is presented to the user. |