[w3ctag/design-reviews] Broadening the user base of WebAuthn (Issue #686)

WebAuthn is the Web standard that supports security keys: often physical USB tokens used as a 2nd factor for authentication. WebAuthn already supports being the only factor: browsers can display a list of accounts from a security key and the security key can collect a local PIN or biometric to verify that the correct person is present. But it seems unlikely that broad numbers of people are going to purchase a pair of security keys to use WebAuthn, and manage double-registering on all their sites.

Thus, in WebAuthn L3, the WG is considering several changes to make WebAuthn more broadly applicable as a password replacement and we would like to raise this with TAG.

  - Explainer: https://github.com/w3c/webauthn/wiki/Explainer:-broadening-the-user-base-of-WebAuthn

  - GitHub repo: https://github.com/w3c/webauthn

  - Primary contacts (and their relationship to the specification):
      - Adam Langley (agl), Google
      - Akshay Kumar (akshayku), Microsoft
      - Anthony Nadalin (nadalin), Chair
  - Organization/project driving the design: WebAuthn WG

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done: WebAuthn WG
  - The group where standardization of this work is intended to be done: WebAuthn WG
  - Existing major pieces of multi-stakeholder review or discussion of this design: https://github.com/w3c/webauthn/issues/1637


We'd prefer the TAG provide feedback as (please delete all but the desired option):

  ☂️ open a single issue in our GitHub repo **for the entire review**

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/686