For years, Android users have faced a frustrating limitation—Android does not support CTAP2 over NFC. In practice, this means no PIN verification and no discoverable credentials (passkeys) when using NFC. USB-C keys have much better support, but NFC keys are limited to simple tap-to-authenticate flows without proper user verification. That said, there finally seems to be a solution.

What makes this more disappointing is that this is not a new or unknown issue. Hardware manufacturers, developers, and everyday users have been raising this problem with the Android team for several years—without any visible reaction or fix at the OS level. That’s why we were both surprised and genuinely pleased to discover that what a giant like Google has not managed to address, a single independent developer has.

We would like to introduce the Authnkey project: https://github.com/mimi89999/Authnkey, which finally solves the issue.

This project provides a workaround that effectively brings CTAP2-style capabilities to NFC keys on Android by acting as a Passkey provider / Credential Manager service, handling the correct communication with your FIDO2 key or card over NFC. It is far from ideal and still a work in progress, but it does solve the core issue—and that alone is remarkable.

Yes, this may sound a bit premature to announce. At the moment, Authnkey is distributed as an APK via F-Droid and is not available on Google Play. Still, that is arguably the easiest problem to solve. What truly matters is that a solution exists today, even if it is only a temporary one, hopefully, until Android finally addresses this properly at the operating system level.

Sometimes, progress doesn’t come from the top down. Sometimes, it comes from one developer deciding that “this should work” and making it happen.