diff --git a/src/lib/common.js b/src/lib/common.js
index ed55f305..abae61bc 100644
--- a/src/lib/common.js
+++ b/src/lib/common.js
@@ -159,6 +159,14 @@ export function base64encode(arrayBuffer) {
 return btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));
 }
+export function base64decode(str) {
+ if (!str) {
+ return '';
+ }
+
+ return atob(str);
+}
+
 export function arrayBufferToString(arrayBuffer) {
 return String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));
 }
diff --git a/src/lib/webauthn.js b/src/lib/webauthn.js
index 39544523..7d2c0f22 100644
--- a/src/lib/webauthn.js
+++ b/src/lib/webauthn.js
@@ -4,7 +4,8 @@ import {
 isFunction,
 stringToArrayBuffer,
 arrayBufferToString,
- base64encode
+ base64encode,
+ base64decode
 } from './common.js';
 import {
 generateRandomString
@@ -84,7 +85,7 @@ function registerCredential({ username, secret }, { nickname }) {
 const clientData = rawCredential ? parseClientData(rawCredential) : null;
 const publicKey = rawCredential ? parsePublicKeyFromAttestationData(rawCredential) : null;
- const challengeFromClientData = clientData && clientData.challenge ? atob(clientData.challenge) : null;
+ const challengeFromClientData = clientData && clientData.challenge ? base64decode(clientData.challenge) : null;
 logger.debug('webauthn create raw response', rawCredential);
@@ -146,7 +147,7 @@ function verifyCredential({ username }, credentialId) {
 challenge: stringToArrayBuffer(challenge),
 rpId: window.location.hostname
 });
- publicKeyCredentialRequestOptions.allowCredentials[0].id = stringToArrayBuffer(atob(credentialId));
+ publicKeyCredentialRequestOptions.allowCredentials[0].id = stringToArrayBuffer(base64decode(credentialId));
 logger.debug('webauthn get options', publicKeyCredentialRequestOptions);
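Review bot: The new `base64decode` in src/lib/common.js hands its argument straight to `atob`, which accepts only the standard base64 alphabet and throws on anything else, whereas WebAuthn encodes `clientDataJSON.challenge` as unpadded base64url. Both `challengeFromClientData` call sites in src/lib/webauthn.js (registerCredential, and the `.then` callback in verifyCredential) would then throw rather than reach the challenge check whenever the encoded value contains `-` or `_`; whether that can occur depends on the characters `generateRandomString` emits, which is not visible here. Normalising inside the helper covers both sites: `return atob(str.replace(/-/g, '+').replace(/_/g, '/'));`. A short JSDoc saying that the result is a binary string (one character per byte), not decoded UTF-8 text, would also make the contract clear to callers that pass it to `stringToArrayBuffer`.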
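Review bot: In verifyCredential, `base64decode(credentialId)` returns `''` for a missing or empty `credentialId`, so `allowCredentials[0].id` is built from an empty string (presumably a zero-length buffer) and the mistake is left for the browser call to reject, where the previous `atob(undefined)` threw on this line. If an absent id is a caller error, fail before the options are assembled, for example `if (!credentialId) { return Promise.reject(new Error('credentialId is required')); }`. That assumes the function returns a promise, which the `.then` in the following hunk suggests; the start and end of verifyCredential are outside this hunk.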
@@ -154,7 +155,7 @@ function verifyCredential({ username }, credentialId) {
 publicKey: publicKeyCredentialRequestOptions
 }).then(rawCredential => {
 const clientData = rawCredential ? parseClientData(rawCredential) : null;
- const challengeFromClientData = clientData && clientData.challenge ? atob(clientData.challenge) : null;
+ const challengeFromClientData = clientData && clientData.challenge ? base64decode(clientData.challenge) : null;
 const userIdParts = rawCredential && rawCredential.response && rawCredential.response.userHandle ? arrayBufferToString(rawCredential.response.userHandle).split('|') : null;
 logger.debug('webauthn get raw response', rawCredential);