[webauthn] Portability of private keys

HuangYuSan has just created a new issue for https://github.com/w3c/webauthn:

== Portability of private keys ==
Since this standard is intended to be able to replace password-based logins, there is one issue that I think needs to be addressed: When the user signs up for an account with a password, they can create backups of their credentials. When they sign up with WebAuthn, by the nature of a secure environment they cannot extract their private key from the authenticator (unless it's purely software-based, like Windows Hello). So if they lose it, that's like losing all your passwords.

Are there any plans to prevent such a situation?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/865 using your GitHub account

Received on Wednesday, 11 April 2018 11:08:59 UTC