A system, apparatus, method, and machine readable medium are described for attesting an authenticator. For example, one embodiment of an apparatus comprises: a processor to execute an app; and an authenticator to generate a first authentication key and to securely store the first authentication key, the authenticator to generate an attestation object usable by a relying party to confirm authenticity of the authenticator, the attestation object including a first component provided by the authenticator, a second component provided by the app, and a signature generated by the first authentication key over a combination of the first and second components.