SimpleWebAuthN Additional Device Passkeys for Same User #512
renchris started this conversation in Troubleshooting
Hi Matthew and the SimpleWebAuthN community,
What is the recommended best practice and secure implementation flow for registering additional device passkeys for a user?
The user first registers for a new account with their unique identifier (i.e. their email or a username) with their biometric passkey. They now have a passkey for their device (e.g. their current laptop). How would we implement the next steps of securely adding other device passkeys to the same and unique account (e.g. they wish to add additional devices and passkeys for their phone, tablet, and/or desktop)?
Passkeys are to reduce and remove the less secure methods of 2FA and email sign-ins, so I'm wondering how to implement this additional device passkey registration without adding back in these additional methods. Or if it's necessary, what is the most secure and best practice way for the least exposure and risk to these previous methods?
Thank you in advance for your time.