- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Tue, 27 Feb 2018 22:47:02 +0000
- To: public-webauthn@w3.org
The user doesn't _need_ to know their UUID, but if there is a way to export it (for syncing, for example) you can be sure that some clever phishers will succeed to "help" some users find and enter their UUID into a form to "confirm your PayPal account". It is impossible to make this mistake with a Web Authentication hardware authenticator. >I think sync is a big demand. Again, no sync is needed to use an external authenticator on a new device. You just plug it in and log in. Then if you want you can register a platform credential on that device, if the device supports it, so you don't need the external authenticator the next time you log in to that account. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/820#issuecomment-369054739 using your GitHub account
Received on Tuesday, 27 February 2018 22:47:09 UTC