diff --git a/src/PowderCoating.Web/wwwroot/js/passkey.js b/src/PowderCoating.Web/wwwroot/js/passkey.js
index f98c08c..47826d3 100644
--- a/src/PowderCoating.Web/wwwroot/js/passkey.js
+++ b/src/PowderCoating.Web/wwwroot/js/passkey.js
@@ -186,11 +186,21 @@ async function loginWithPasskey() {
 
 // ─── Feature detection ────────────────────────────────────────────────────────
 
-/** True if this browser + platform support WebAuthn conditional UI (passkeys). */
+/**
+ * True if the device has a user-verifying platform authenticator (Face ID,
+ * fingerprint, Windows Hello, etc.) that can handle our modal passkey flow.
+ *
+ * Deliberately uses isUserVerifyingPlatformAuthenticatorAvailable() rather than
+ * isConditionalMediationAvailable(). The conditional API signals to iOS Safari
+ * that the page wants autofill-style passkey interception, which causes iOS 17+
+ * to show its own native passkey enrollment sheet when the password form is
+ * submitted — not what we want. The platform authenticator check simply asks
+ * "can this device do biometrics?" with no side-effects.
+ */
 async function passkeySupported() {
     if (!window.PublicKeyCredential) return false;
     try {
-        return await PublicKeyCredential.isConditionalMediationAvailable?.() ?? false;
+        return await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
     } catch {
         return false;
     }