Re: [webauthn] Consider dropping requirement for TUP on create()

I'm worried that the webauthn experience will be worse than existing mechanisms (TouchID, Fingerprints on Android) when addressing the same use cases. 

"Bypass your password next time you use this (web)app, and use your fingerprint instead" is such an existing use case. Today, users are used to just turn on this kind of feature, without having to show a test of user presence at that point.

re/ resident keys: any suggestions on how to address that? Resident keys on external Authenticators is a new use case, one where users don't have pre-conceived notions on how it should work.

-- 
GitHub Notification of comment by balfanz
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/564#issuecomment-329638508 using your GitHub account

Received on Thursday, 14 September 2017 23:45:58 UTC