W3C home > Mailing lists > Public > public-webauthn@w3.org > April 2018

[webauthn] Portability of private keys

From: HuangYuSan via GitHub <sysbot+gh@w3.org>
Date: Wed, 11 Apr 2018 11:08:56 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-313277400-1523444935-sysbot+gh@w3.org>
HuangYuSan has just created a new issue for https://github.com/w3c/webauthn:

== Portability of private keys ==
Since this standard is intended to be able to replace password-based logins, there is one issue that I think needs to be addressed: When the user signs up for an account with a password, they can create backups of their credentials. When they sign up with WebAuthn, by the nature of a secure environment they cannot extract their private key from the authenticator (unless it's purely software-based, like Windows Hello). So if they lose it, that's like losing all your passwords.

Are there any plans to prevent such a situation?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/865 using your GitHub account
Received on Wednesday, 11 April 2018 11:08:59 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:32 UTC