Non-discoverable Credentials
Non-discoverable credentials (also called non-resident keys) are not stored on the authenticator in a way that allows them to be automatically discovered. Instead, the server retains the credential identifier and provides it during sign-in so the authenticator can locate the correct private key. This approach offers strong cryptographic security but requires the user to first identify their account (for example, by entering a username). Non-discoverable credentials are well suited for use as a second factor alongside passwords or in scenarios where authenticator storage is limited. Please note that in practice many modern authenticators create discoverable credentials even when non-discoverable ones are requested, usually due to platform or device policies.
This page demonstrates the use of non-discoverable credentials. You'll need to type a username and a display name during sign-up. For subsequent sign-ins, however, only your username will be required.
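The flow described above, sketched as server-side JavaScript (Node.js). This is an added example, not this demo's own code. It builds sign-up options that discourage a discoverable credential, stores the credential ID so it can be handed back at sign-in, and uses the credProps extension to record whether the authenticator created a discoverable credential anyway. RP_ID, the in-memory users map, the function names and all sample values are assumptions made for illustration.

```javascript
// Added example: option builders for the non-discoverable (non-resident key) flow.
// Assumptions: RP_ID, the in-memory `users` map and every function name are constructed.
const RP_ID = "example.test"; // placeholder relying-party ID

// Binary fields travel as base64url strings in the JSON form of the options.
const b64url = (bytes) => Buffer.from(bytes).toString("base64url");

// Constructed store: username -> { userId, displayName, credentials: [...] }
const users = new Map();

// Sign-up: username and display name are required; discourage a discoverable credential.
function registrationOptions(username, displayName, userId, challenge) {
  users.set(username, { userId, displayName, credentials: [] });
  return {
    rp: { id: RP_ID, name: "Demo RP" },
    user: { id: b64url(userId), name: username, displayName },
    challenge: b64url(challenge),
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    authenticatorSelection: { residentKey: "discouraged", requireResidentKey: false },
    extensions: { credProps: true }, // ask the client to report what was actually created
  };
}

// After sign-up: keep the credential ID (the server must supply it at sign-in) and
// record whether the authenticator made the credential discoverable regardless.
function storeCredential(username, credentialId, transports, clientExtensionResults) {
  const rk = clientExtensionResults?.credProps?.rk; // true, false, or undefined (not reported)
  const discoverable = rk === true ? "yes" : rk === false ? "no" : "unknown";
  users.get(username).credentials.push({ id: b64url(credentialId), transports, discoverable });
  return discoverable;
}

// Sign-in: only the username is needed; it selects the IDs placed in allowCredentials.
function requestOptions(username, challenge) {
  const user = users.get(username);
  // An empty allowCredentials list would turn this into a discoverable-credential
  // request, so return null instead of falling back to one.
  if (!user || user.credentials.length === 0) return null;
  return {
    rpId: RP_ID,
    challenge: b64url(challenge),
    allowCredentials: user.credentials.map(({ id, transports }) => ({ type: "public-key", id, transports })),
    userVerification: "preferred",
  };
}
```

The challenge passed to both builders must be fresh random bytes generated by the server for each ceremony; the fixed values used to exercise this sketch are constructed.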