- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Tue, 19 Sep 2017 23:11:50 +0000
- To: public-webauthn@w3.org
Adding a FIDO experience for TouchID, Fingerprints on Android is a new scenario and once in a life time event. Arguably IMO, experience is not bad and is consistent with whole FIDO security promise and user experience. Regarding resident keys, on both platform as well as cross platform authenticators, should absolutely require a touch so that not any malware can fill up the authenticator storage. It is a problem for both type external as well as internal authenticators. Current design is clean and similar to U2F experience and we should not over-optimize the experience here as well as protect against malwares just messing up the authenticators silently. -- GitHub Notification of comment by akshayku Please view or discuss this issue at https://github.com/w3c/webauthn/issues/564#issuecomment-330699459 using your GitHub account
Received on Tuesday, 19 September 2017 23:11:44 UTC