> An Android phone itself can be used as a bluetooth hardware token, with Chrome on your laptop.
If you're referring to the caBLE (cloud-assisted Bluetooth LE) transport: this is still being worked on (https://github.com/w3c/webauthn/pull/909 but the actual discussion in the FIDO Alliance is non-public) and at the time of writing only works on Google properties.
To add: https://github.com/herrjemand/awesome-webauthn also mentions implementations completely in software. Whether those are a good idea depends on your taste, but for playing around you don't need any kind of hardware.
If you're referring to the caBLE (cloud-assisted Bluetooth LE) transport: this is still being worked on (https://github.com/w3c/webauthn/pull/909 but the actual discussion in the FIDO Alliance is non-public) and at the time of writing only works on Google properties.
To add: https://github.com/herrjemand/awesome-webauthn also mentions implementations completely in software. Whether those are a good idea depends on your taste, but for playing around you don't need any kind of hardware.