diff --git a/lenticular_cloud/views/frontend.py b/lenticular_cloud/views/frontend.py
index cfdba60..33ea08d 100644
--- a/lenticular_cloud/views/frontend.py
+++ b/lenticular_cloud/views/frontend.py
@@ -285,9 +285,13 @@ def passkey_new_process() -> ResponseReturnValue:
 def passkey_delete(id: str) -> ResponseReturnValue:
     """delete registered credential"""
 
+    user = get_current_user()
     form = ButtonForm()
+
     if form.validate_on_submit():
         cred = PasskeyCredential.query.filter(PasskeyCredential.id == id).first_or_404()
+        if cred.user_id != user.id:
+            return '', 404
         db.session.delete(cred)
         db.session.commit()
         return redirect(url_for('.passkey'))