---
url: 'https://www.corbado.com/glossary/discoverable-credential'
title: 'Discoverable Credential'
description: 'Unlock the essentials of discoverable credentials for developers. Enhance your app''s security with our straightforward guide on passkey implementation.'
lang: 'en'
keywords: 'discoverable-credential'
---

# Discoverable Credential

## What is a Discoverable Credential?

A **Discoverable Credential** is a type of credential in WebAuthn, often used for
passkeys, that is stored directly on the [authenticator](https://www.corbado.com/glossary/authenticator) (e.g., a
[security key](https://www.corbado.com/glossary/security-key) like a [YubiKey](https://www.corbado.com/glossary/yubikey), or a smartphone's
[secure enclave](https://www.corbado.com/glossary/secure-enclave)).

### Key Characteristics

- Stored Locally: Unlike non-resident keys, discoverable credentials are stored on the
  [authenticator](https://www.corbado.com/glossary/authenticator) itself.
- Easy Identification: They can be identified by the client without requiring the user to
  input a [credential ID](https://www.corbado.com/blog/webauthn-user-id-userhandle), as they're discoverable by the
  [authenticator](https://www.corbado.com/glossary/authenticator) for a specific
  [Relying Party](https://www.corbado.com/glossary/relying-party) ID.
- User Experience Benefits: They offer a streamlined login process, often supporting
  features like [Conditional UI](https://www.corbado.com/glossary/conditional-ui) for autofill, enhancing user
  experience by reducing the need to remember or input user handles.
- Security and Device-Specific Authentication: Tying authentication to a specific device
  adds an extra security layer.

### Limitations

- Storage Capacity: [Authenticators](https://www.corbado.com/glossary/authenticator) have a finite storage
  capacity for these keys.
- Risk with Loss of Authenticator: If the authenticator is lost or damaged, all resident
  keys on that device are also lost.
- Security Risks: Although minimal, there's a risk of key extraction if the authenticator
  is stolen.

## Key Takeaways

> - A **Discoverable Credential** is a WebAuthn credential stored on the authenticator,
>   allowing for easier and more secure authentication.
> - Offers a streamlined login experience with features like
>   [Conditional UI](https://www.corbado.com/glossary/conditional-ui), making it user-friendly.
> - Limited by the storage capacity of the authenticator and poses risks if the
>   authenticator is lost or compromised.
> - Primarily used in scenarios where device-specific authentication is required for
>   enhanced security.

---

### Understanding Discoverable Credentials

- **Role in WebAuthn Ecosystem:** They are integral to the WebAuthn framework, ensuring
  secure and
  [user-friendly authentication](https://www.corbado.com/faq/passkey-user-experience-benefits-non-technical-audience)
  processes.
- **Technical Aspects:** They utilize public-private key cryptography, stored directly on
  the device, offering a more secure form of authentication compared to traditional
  methods like passwords.
- **Usage Scenarios:** Ideal for personal devices like smartphones or laptops where
  frequent authentication is common.

### Comparison with Non-Resident Keys

- **Storage:** Non-resident keys are not stored on the device but are re-derived each time
  authentication is needed.
- **User Experience:** Non-resident keys generally require the user to input a
  [user handle](https://www.corbado.com/blog/webauthn-user-id-userhandle), unlike discoverable credentials.
- **Scalability:** Non-resident keys offer more scalability as they are not limited by
  device storage.
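
The comparison above shows up directly in the WebAuthn request options and in how the Relying Party maps an assertion to an account. The following is an added example, not code from Corbado or the original page; `RP_ID`, the `CREDENTIALS` store and all function names are assumptions, and signature, challenge and origin verification are assumed to be done elsewhere.

```javascript
// Added example. RP_ID, CREDENTIALS and all function names are assumptions;
// ids are base64url strings as a server would send them in JSON (the
// browser decodes them to ArrayBuffers before calling WebAuthn).
const RP_ID = "example.com";

// Constructed sample credential store on the Relying Party.
const CREDENTIALS = [
  { credentialId: "Y3JlZC1hbGljZQ", userHandle: "dXNlci0wMDE", username: "alice" },
  { credentialId: "Y3JlZC1ib2I", userHandle: "dXNlci0wMDI", username: "bob" },
];

// Registration: ask the authenticator to store the credential itself.
function registrationOptions(user, challenge) {
  return {
    rp: { id: RP_ID, name: "Example RP" },
    user: { id: user.userHandle, name: user.username, displayName: user.username },
    challenge, // fresh CSPRNG bytes per ceremony, generated server-side
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
    authenticatorSelection: { residentKey: "required", userVerification: "preferred" },
    extensions: { credProps: true }, // client reports credProps.rk
  };
}

// Username-less login: an empty allowCredentials lets the authenticator
// discover its own credentials for RP_ID. For Conditional UI the client calls
// navigator.credentials.get({ publicKey, mediation: "conditional" }).
function discoverableLoginOptions(challenge) {
  return { challenge, rpId: RP_ID, allowCredentials: [], userVerification: "preferred" };
}

// Login with a username: the RP must list that account's credential IDs.
function nonDiscoverableLoginOptions(challenge, username) {
  const allowCredentials = CREDENTIALS.filter((c) => c.username === username)
    .map((c) => ({ type: "public-key", id: c.credentialId }));
  return { challenge, rpId: RP_ID, allowCredentials };
}

// Map an assertion to an account; returns null when ownership cannot be proven.
function resolveAccount(assertion, identifiedUsername = null) {
  const cred = CREDENTIALS.find((c) => c.credentialId === assertion.id);
  if (!cred) return null; // unknown credential
  if (identifiedUsername === null) {
    // Username-less flow: userHandle is the only account identifier.
    if (!assertion.userHandle || assertion.userHandle !== cred.userHandle) return null;
  } else if (cred.username !== identifiedUsername ||
    (assertion.userHandle && assertion.userHandle !== cred.userHandle)) {
    return null; // credential belongs to a different account
  }
  return cred.username;
}
```

In the username-less flow the server rejects an assertion that lacks a `userHandle` or whose `userHandle` does not own the credential, because nothing else ties the response to an account.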

### Best Practices for Implementing Discoverable Credentials

- **Consider User Base:** Ideal for services where users primarily access from personal
  devices.
- **Balance Security and Convenience:** While offering enhanced security, be mindful of
  the potential risks and limitations.
- **Educate Users:** Inform users about the functionality and benefits of using
  discoverable credentials.

---

## Discoverable Credential FAQs

### What are Discoverable Credentials in WebAuthn?

- Discoverable Credentials in WebAuthn are types of credentials stored directly on the
  authenticator, allowing for more secure and
  [user-friendly authentication](https://www.corbado.com/faq/passkey-user-experience-benefits-non-technical-audience)
  processes.

### How do Discoverable Credentials enhance user experience?

- They streamline the login process by supporting features like
  [Conditional UI](https://www.corbado.com/glossary/conditional-ui), reducing the need for users to remember or
  input user handles.

### What are the limitations of Discoverable Credentials?

- Their main limitations include the finite storage capacity of
  [authenticators](https://www.corbado.com/glossary/authenticator) and the risk of losing access to credentials
  if the authenticator is lost or compromised.

### Are Discoverable Credentials more secure than traditional authentication methods?

- Yes, they offer enhanced security by storing credentials directly on the device and
  using public-private key cryptography, making them more secure than traditional
  password-based methods.
