Surely a simple “here’s a credential that proves who I am” must be considered “pretty good”. Let’s keep things simple. The older passwordless solutions are not that simple.
Alan Davies
+1 818 415 0211
On Nov 7, 2021, at 14:38, Kyle Den Hartog <kyle.denhartog@mattr.global> wrote:
It's hard to make an evaluation of what's better without having any sort of use case or requirements listed. If you're only trying to achieve authentication like just a basic login, then a VC is probably overkill in what you're trying to achieve. However, if you're trying to build a registration flow or architect the system so that the backend system operates completely stateless, I could see advantages to using a VC based system.
Also, when you say password-less auth there's a whole class of potential methods you could use to achieve this. For example, webauthn, HTTP Signatures, DIDComm based co-protocol, or many other variations exist to achieve a password-less based auth system. However, without more details it's hard to compare any of them.
-Kyle
From: sethi shivam <sethishivam27@gmail.com>
Sent: Sunday, November 7, 2021 1:22 PM
To: W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Password-less auth vs VC-auth
EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.
Hi team ,
I am looking for the reasons why vc-auth is better than password-less auth.
And if i lose my phone , which process is less painful to get my credentials back ?
Best Regards
Sethi Shivam