diff --git a/config/packages/webauthn.yaml b/config/packages/webauthn.yaml
index aa7f2f79..8e5e8e05 100755
--- a/config/packages/webauthn.yaml
+++ b/config/packages/webauthn.yaml
@@ -15,14 +15,14 @@ webauthn:
             authenticator_selection_criteria:
                 authenticator_attachment: !php/const Webauthn\AuthenticatorSelectionCriteria::AUTHENTICATOR_ATTACHMENT_NO_PREFERENCE
                 require_resident_key: false
-                user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
+                user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
             #  this is needed for SURFsecureID as we want to whitelist authenticators by vendor/certification (default is none)
             attestation_conveyance: !php/const Webauthn\PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT
     request_profiles:
         default:
             challenge_length: 64
             timeout: 30000
-            user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_PREFERRED
+            user_verification: !php/const Webauthn\AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED
 
     metadata:
         enabled: true