Surely a simple “here’s a credential that proves who I am” must be considered “pretty good”. Let’s keep things simple. The older passwordless solutions are not that simple. Alan Davies +1 818 415 0211 On Nov 7, 2021, at 14:38, Kyle Den Hartog <kyle.denhartog@mattr.global> wrote: It's hard to make an evaluation of what's better without having any sort of use case or requirements listed. If you're only trying to achieve authentication like just a basic login, then a VC is probably overkill in what you're trying to achieve. However, if you're trying to build a registration flow or architect the system so that the backend system operates completely stateless, I could see advantages to using a VC based system. Also, when you say password-less auth there's a whole class of potential methods you could use to achieve this. For example, webauthn, HTTP Signatures, DIDComm based co-protocol, or many other variations exist to achieve a password-less based auth system. However, without more details it's hard to compare any of them. -Kyle From: sethi shivam <sethishivam27@gmail.com> Sent: Sunday, November 7, 2021 1:22 PM To: W3C Credentials CG (Public List) <public-credentials@w3.org> Subject: Password-less auth vs VC-auth EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Hi team , I am looking for the reasons why vc-auth is better than password-less auth. And if i lose my phone , which process is less painful to get my credentials back ? Best Regards Sethi Shivam
Received on Monday, 8 November 2021 03:56:06 UTC