Merge pull request #450 from passkeydeveloper/oct25-devsupport-updates

October 2025 device support updates

Author: timcappalli

content/en/device-support/index.md

@@ -160,15 +160,17 @@ This matrix represents the default capabilities for a user out of the box. Addit
     </tr>
     <tr>
       <td>
-          Passkey Upgrades <sup><a href="#fn8">2</a></sup>
+        <a href="../docs/reference/terms/#conditional-create" target="_blank">
+          Passkey Upgrades
           <br />
           (Conditional Create)
+          </a>
       </td>
       <td class="text-center">
-        {{< fa fa-calendar-plus fa-xl mb-2>}}
+        {{< fas fa-circle-check fa-xl mb-2 text-success >}}
           <span class="fs-6">
             <br />
-            Chrome
+            Chrome 142+ <sup><a href="#fn3">2</a></sup>
             <br />
           </span>
           <br />
@@ -241,7 +243,7 @@ This matrix represents the default capabilities for a user out of the box. Addit
         {{< fas fa-circle-check fa-xl mb-2 text-success >}}
           <span class="fs-6">
             <br />
-            Chrome 136+ <sup><a href="#fn3">3</a></sup>
+            Chrome 136+ <sup><a href="#fn3">2</a></sup>
             <br />
             <br />
             <br />
@@ -530,7 +532,7 @@ This matrix represents the default capabilities for a user out of the box. Addit
           <a href="/docs/reference/windows/">Windows</a>
         </td>
       </tr>
-      <tr class="align-top">
+      <tr class="align-middle">
         <td class="fw-bold">
           <a href="../docs/reference/terms/#device-bound-passkey" target="_blank">
             <span class="fst-italic">Device-bound</span> Passkeys
@@ -713,7 +715,7 @@ This matrix represents the default capabilities for a user out of the box. Addit
               </span>
         </td>
       </tr>
-      <tr class="align-top">
+      <tr class="align-middle">
         <td class="fw-bold">
           <a href="../docs/reference/terms/#attestation" target="_blank">
             Device-bound Passkey Attestation
@@ -741,7 +743,7 @@ This matrix represents the default capabilities for a user out of the box. Addit
   Device-bound passkeys supported
   <br />
   <sup id="fn8">2</sup>
-  Also requires support from credential providers
+  Also requires support from credential managers and operating systems
   <br />
   <sup id="fn3">3</sup>
   Windows 11 22H2+

content/en/docs/reference/terms/index.md

@@ -75,6 +75,17 @@ See [_Autofill UI_](#autofill-ui)
 
 See [_Autofill UI_](#autofill-ui)
 
+## Conditional Create
+
+A WebAuthn capability which allows a Relying Party to request the creation of a passkey after a successful sign in user another credential from their credential manager, such as a password.
+
+Note:
+
+- The browser, operating system, and credential manager must all support conditional create.
+- `conditionalCreate` in getClientCapabilities() represents only the browser's support for the capability and does signal OS and/or credential manager support.
+
+{{< button color="light" button-size="sm" icon="fas fa-circle-info" cue=false order="first" tooltip="Go to reference in the WebAuthn specification" href="https://www.w3.org/TR/webauthn-3/#sctn-createCredential" >}}WebAuthn Spec Reference{{< /button >}}
+
 ## Credential Exchange
 
 A standardized process to securely transfer passkeys, passwords, and other types of information from one [passkey provider](#passkey-provider) to another.
@@ -83,7 +94,7 @@ A standardized process to securely transfer passkeys, passwords, and other types
 
 ## Device-bound passkey
 
-A FIDO2 [Discoverable Credential](#discoverable-credential) that is bound to a single authenticator. For example, FIDO2 security keys typically hold device-bound passkeys as the credential cannot leave the device. Device-bound passkeys have been previously referred to as _single-device passkeys_.
+A WebAuthn [Discoverable Credential](#discoverable-credential) that is bound to a single authenticator. For example, FIDO2 security keys typically hold device-bound passkeys as the credential cannot leave the device. Device-bound passkeys have been previously referred to as _single-device passkeys_.
 
 ## Discoverable Credential
 
@@ -127,6 +138,10 @@ From the technical side, there are two flavors of passkeys: [synced](#synced-pas
 
 An app and/or service that is responsible for storing and managing passkeys. Many operating systems include a default passkey provider ([first-party](#first-party-passkey-provider)), and many also support [third-party](#third-party-passkey-provider) providers. A passkey provider is a type of [credential manager](#credential-manager).
 
+## Passkey Upgrades
+
+See [_Conditional Create_](#conditional-create).
+
 ## Persistent Linking
 
 The informal name for creating a relationship between a [Cross-Device Authentication authenticator](#cda-authenticator) (typically a phone or tablet) and [Cross-Device Authentication client](#cda-client) (typically a laptop or desktop), which enables future use without having to scan a QR code.
@@ -169,7 +184,7 @@ see [_Device-bound passkey_.](#device-bound-passkey)
 
 ## Synced passkey
 
-A FIDO2 [Discoverable Credential](#discoverable-credential) that can reliably be used for bootstrapping sign-in, without requiring other login challenges such as passwords and OTPs. "Reliable" here means that the passkey should be available to, and usable by, the user whenever they need to sign in. This availability can be achieved through different means: for example, passkey providers could sync passkeys in real-time across a user's devices, restore passkeys from a backup whenever a user sets up a new device, offer passkeys across different contexts (a passkey established from an app can be used in the browser when visiting the app’s website), or allow users to [exercise passkeys across devices](#cross-device-authentication-cda) (by, say, using the passkey from a nearby phone when signing in from a laptop).
+A WebAuthn [Discoverable Credential](#discoverable-credential) that can reliably be used for bootstrapping sign-in, without requiring other login challenges such as passwords and OTPs. "Reliable" here means that the passkey should be available to, and usable by, the user whenever they need to sign in. This availability can be achieved through different means: for example, passkey providers could sync passkeys in real-time across a user's devices, restore passkeys from a backup whenever a user sets up a new device, offer passkeys across different contexts (a passkey established from an app can be used in the browser when visiting the app’s website), or allow users to [exercise passkeys across devices](#cross-device-authentication-cda) (by, say, using the passkey from a nearby phone when signing in from a laptop).
 
 ## Third-Party Passkey Provider