• Passwordless takes time:
    • Having an MFA deployment prior to adoption into passwordless will ease the process.
    • Setting up and testing takes time. There is a high upfront cost with time, planning, and testing. You need to understand the different behavior when interacting with different software and then test and determine what's best for your users before rolling out passwordless. Stay with the guidelines you've set to simplify the onboarding and support process moving forward.
  • You are now in the hands of the implementers for the standard:
    • Chrome, Safari, Edge, and Firefox might have different behaviors that you must take into account.
    • Client browser or OS updates could change the experience.
    • Using different browsers requires multiple registrations.
  • User experience:
    • Format for selecting registered devices
  • User verification and adaptive authentication:
    • Risk-based authentication

Web browsers

Different clients will provide a slightly different passwordless experience, as shown in the following example of the differences between a prompt in Chrome and a prompt in Safari.

A pair of screen captures showing example push notifications in different browsers
Note:

FIDO must be registered twice if you are using two clients. Your organization should support at least two clients in case one encounters an issue from an update or similar.