[webauthn] Clarify how a user can authenticate from multiple devices

cjthompson has just created a new issue for 
https://github.com/w3c/webauthn:

== Clarify how a user can authenticate from multiple devices ==
The current draft specification makes no attempts to address the 
question of authentication by a user from different devices.

Consider the following common use cases:

1. A user wishes to access their account from multiple devices that 
they trust; e.g., a desktop computer, a laptop computer, and a mobile 
device.

2. A user wishes to access their account from an untrusted device; 
e.g., a friend's laptop.

The specification doesn't include recommendations to implementers on 
how to address these common scenarios. Once a private key has been 
created, how does a user authorize other devices to gain access to the
account?

Passwords are portable.  As long as one recalls the password, an 
account can be accessed from any device.  If Web Authentication has 
the goal to replace passwords, then it must address the issue of 
portability.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/151 using your GitHub account

Received on Tuesday, 26 July 2016 18:53:56 UTC