Why does Google password manager create a passkey for a site even though the page of the site does not have focus?

Asked 7 months ago

Viewed 48 times

Steps to reproduce the problem:

Open up Chrome on a computer and go to https://webauthn.io .
Enter a random username and click Register.
Choose "Use a different phone or tablet".
Scan the QR code using an Android device.
Then, click on the link that looks like FIDO:/xxxxxxxxxx on the Android device.
On the Android device that was used to scan the QR code, click on the "Connect devices" button.
When the text "Create a passkey" appears on the Android device, click on Continue.
Unfocus the https://webauthn.io page on the computer (do not close the page).
Create a passkey using the mobile device's screen lock.
Navigate back to the same https://webauthn.io tab on the computer.

You should be able to see the message:

"The operation is not allowed at this time because the page does not have focus."

However, Google password manager still creates a passkey for https://webauthn.io. Why is that the case?

46.6k18 gold badges101 silver badges302 bronze badges

asked Apr 11 at 14:47

Justin Chan

0