W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2016

[webauthn] Clarify how a user can authenticate from multiple devices

From: cjthompson via GitHub <sysbot+gh@w3.org>
Date: Tue, 26 Jul 2016 18:53:43 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-167682970-1469559221-sysbot+gh@w3.org>
cjthompson has just created a new issue for 
https://github.com/w3c/webauthn:

== Clarify how a user can authenticate from multiple devices ==
The current draft specification makes no attempts to address the 
question of authentication by a user from different devices.

Consider the following common use cases:

1. A user wishes to access their account from multiple devices that 
they trust; e.g., a desktop computer, a laptop computer, and a mobile 
device.

2. A user wishes to access their account from an untrusted device; 
e.g., a friend's laptop.

The specification doesn't include recommendations to implementers on 
how to address these common scenarios. Once a private key has been 
created, how does a user authorize other devices to gain access to the
 account?

Passwords are portable.  As long as one recalls the password, an 
account can be accessed from any device.  If Web Authentication has 
the goal to replace passwords, then it must address the issue of 
portability.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/151 using your GitHub account
Received on Tuesday, 26 July 2016 18:53:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:58:23 UTC