- From: John Bradley via GitHub <sysbot+gh@w3.org>
- Date: Tue, 02 Jan 2018 17:52:42 +0000
- To: public-webauthn@w3.org
all the concern seems more around how resident credentials are protected. It shouldn't matter if the resident credential is being used as first or second factor. Both need to be protected. I think any sort of resident credential needs to be protected with at least a device pin. I am not sure that a resident credential with no userID is sufficient protection, without some device unlock. I think from a CTAP point of view a resident credential is resident credential. John B. -- GitHub Notification of comment by ve7jtb Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-354829840 using your GitHub account
Received on Tuesday, 2 January 2018 17:52:43 UTC