WebAuthn only shows option for USB Security Dongle in Windows 10 - no option for Fingerprint/PIN/Password

Question

I'm testing WebAuthn (https://webauthn.me) with the intent to implement it in a web portal. However, I need Windows users to be able to use Fingerprint sign in, not just USB Security Key. When testing from Windows 10/Chrome (latest) I only get the option to use USB Security Key, even though the laptop has a built-in fingerprint reader that is connected to Windows Hello (I can sign into Windows with the fingerprint reader). Also PIN and Password are enabled in Windows hello.

I do not have a USB Security Key device, and have never had one setup with this computer.

However, when I test WebAuthn.me and click the Register button, I am prompted with the options "External security key or built-in sensor" and "Add a new Android phone". When I select the option "External security key or built-in sensor", Windows pops up a modal box asking me to set up my security key:

However, there is no option to use a fingerprint, PIN, or password instead.

Since the fingerprint reader and PIN/Password are integrated into Windows Hello, and actively working, why won't it let me choose any of those options instead of the physical USB Security Key? Is there a parameter in the WebAuthn request that I'm missing or possibly a registry change that needs to be made?

Note that WebAuthn.me works as expected on Android Chrome (option to use Lock Screen as the login method allows fingerprint, code, etc, to be used).

Thanks for any explanation of why Windows would hide the Fingerprint/PIN/Password options and only allow USB Security Key when Windows Hello already knows about the fingerprint reader, PIN and Password as legitimate ways to authenticate the user.

Answer 1

Windows Hello requires RS256 (alg: -257) to be added to the pubKeyCredParams array. Try using https://webauthn.me/debugger which enables this by default.