- From: Lionel Wolberger <lionel@userway.org>
- Date: Fri, 25 Feb 2022 15:06:32 +0200
- To: Janina Sajka <janina@rednote.net>, public-rqtf@w3.org
- Message-ID: <CAHOHNHfwrhv_D0ekSUMdY7xMxWN8tiqcfF=Z_w5o0LTwTKz=sg@mail.gmail.com>
*The text below was posted to Issue #23 (* https://github.com/w3c/captcha-accessibility/issues/23*) and is shared here for convenience and broader discussion.* Janina and I investigated the use of WebAuthn to establish personhood via a known to be reliable authentication device, here is some progress. I read the Cloudflare proposal and did the test. It worked very smoothly on my iPhone using FaceID without any preliminary registration. This is huge step forward from the first versions which seemed to indicate that users would need a hardware key e.g. Yubico. You can try the test here https://cloudflarechallenge.com/ ============ Some useful sources for the above: Webauthn Level 2 (which seems to incorporate Level 1) https://www.w3.org/TR/webauthn-2/ Cloudflare's readable overview of the issues and their approach https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/ By Thibault Meunier Cloudflare's list of common hardware authentication devices: Apple Face ID and Touch ID, Microsoft Windows Hello, Google Android Biometric Authentication. https://blog.cloudflare.com/cap-expands-support/ By Wesley Evans and Tara Whalen A technical review of the standard https://support.cloudflare.com/hc/en-us/articles/200170136-Understanding-Cloudflare-Captchas-Managed-Challenge-and-Challenge-Passage Lionel Wolberger COO, UserWay Inc. lionel@userway.org UserWay.org <http://userway.org/> <https://userway.org>[image: text]
Received on Friday, 25 February 2022 13:07:22 UTC