We are trying to implement ‘WebAuthn with FIDO Device Biometrics’ for our mobile app.
We get following error when only ‘Email’ is set as the secondary factor:
{
“error”: “invalid_request”,
“error_description”: “No confirmed authenticators for the enabled factors”
}
Is it necessary to select Google authenticator or similar as a factor?
For mobile apps, it becomes rather difficult to scan QR code.
Is there a way for users to get the authentication code via mail when enabling biometrics?
You are seeing this error because device biometrics requires an alternate backup factor. This is due to the fact the the biometric factor is tied to a specific device and this would not allow for login on another device.
Further, the email factor is not treated as a true 2nd factor because it is tied to the same factor as the password. More details on that here.
You will need to set up true second factor (e.g. SMS) to continue with device biometrics.
Thank you for getting back to us.
We currently have the ‘free’ subscription.
Is it possible to set SMS as the second factor in the free subscription plan?