Set signCount to 0 (#520)

apps/browser-extension/src/entrypoints/background/PasskeyHandler.ts

@@ -258,25 +258,19 @@ export async function handleStorePasskey(data: {
 }
 
 /**
- * Update passkey last used time and sign count
+ * Update passkey last used time (sign count always remains 0 for cross-device sync compatibility)
  */
 export async function handleUpdatePasskeyLastUsed(data: {
   credentialId: string;
-  newSignCount?: number;
 }): Promise<{ success: boolean }> {
-  const { credentialId, newSignCount } = data;
+  const { credentialId } = data;
 
   // Find and update the passkey
   for (const [key, passkey] of sessionPasskeys.entries()) {
     if (passkey.credentialId === credentialId) {
       passkey.lastUsedAt = Date.now();
-
-      // Update sign count - either use provided value or increment
-      if (newSignCount !== undefined) {
-        passkey.signCount = newSignCount;
-      } else {
-        passkey.signCount++;
-      }
+      // Sign count always remains 0 for cross-device sync compatibility
+      passkey.signCount = 0;
 
       sessionPasskeys.set(key, passkey);
 

apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyAuthenticate.tsx

@@ -104,14 +104,8 @@ const PasskeyAuthenticate: React.FC = () => {
       // Flags: UP (User Present) = 1, UV (User Verified) = 1
       const flags = new Uint8Array([0x05]); // Binary: 00000101
 
-      // Sign count - increment from stored value (must increase on each use to detect cloned authenticators)
-      const newSignCount = (passkeyData.signCount || 0) + 1;
-      const signCount = new Uint8Array([
-        (newSignCount >> 24) & 0xff,
-        (newSignCount >> 16) & 0xff,
-        (newSignCount >> 8) & 0xff,
-        newSignCount & 0xff
-      ]);
+      // Sign count always 0 - disabled to ensure compatibility when syncing passkeys across devices
+      const signCount = new Uint8Array([0, 0, 0, 0]);
 
       // Construct authenticatorData (37 bytes minimum)
       const authenticatorData = new Uint8Array([
@@ -195,10 +189,9 @@ const PasskeyAuthenticate: React.FC = () => {
         userHandle: null
       };
 
-      // Update last used and sign count
+      // Update last used timestamp
       await sendMessage('UPDATE_PASSKEY_LAST_USED', {
-        credentialId: selectedPasskey,
-        newSignCount
+        credentialId: selectedPasskey
       }, 'background');
 
       // Send response back

apps/browser-extension/src/entrypoints/popup/pages/passkeys/PasskeyCreate.tsx

@@ -103,6 +103,7 @@ const PasskeyCreate: React.FC = () => {
 
       // Flags: UP (User Present) = 1, UV (User Verified) = 1, AT (Attested Credential Data) = 1
       const flags = new Uint8Array([0x45]); // Binary: 01000101
+      // Sign count always 0 - disabled to ensure compatibility when syncing passkeys across devices
       const signCount = new Uint8Array([0, 0, 0, 0]);
       const aaguid = new Uint8Array(16); // All zeros for this implementation