Re: [webauthn] Virtual authenticator should allow `counter` to always be `0` (#2363) from Matthew Miller via GitHub on 2026-01-28 (public-webauthn@w3.org from January 2026)

From: Matthew Miller via GitHub <noreply@w3.org>
Date: Wed, 28 Jan 2026 19:57:45 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3813576898-1769630263-noreply@w3.org>

From WG meeting today: there's two possible behavioral changes we can make to virtual authenticators to modernize them for the current synced passkeys age we're in:

- Add something like "`defaultSignCount`" to [Add Virtual Authenticator](https://w3c.github.io/webauthn/#sctn-automation-add-virtual-authenticator) that defaults to `0`. When the authenticator is initialized with a default signature counter of `0`, normatively define the authenticator's behavior to **not** increment `authData.signCount` in registration and authentication ceremony responses
- Continue with https://github.com/w3c/webauthn/pull/2382 to allow for setting a sign count on an existing credential. The value of `authData.signCount` in subsequent authentication responses for the specified credential should be in line with behavior defined above for the authenticator in determining when to increment the signature counter.

-- 
GitHub Notification of comment by MasterKale
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2363#issuecomment-3813576898 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 28 January 2026 19:57:46 UTC