
Re: [webauthn] Is there a community for webauthn implementation discussion?

From: David Sanders via GitHub <sysbot+gh@w3.org>
Date: Sat, 27 Oct 2018 18:54:59 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-433646161-1540666493-sysbot+gh@w3.org>

> While I have some eyeballs, one question I plan to ask fellow prospective implementations is how to deal with key loss, i.e. with TOTP-based 2FA, backup codes exist, and many places encourage printing / storing these codes securely. What are people thinking on this topic?

What prevents your implementation from having backup codes? That seems outside the scope of WebAuthn. If you provide the user with a backup code (which is a one-time use code that leads to account reset, like the link in an account password reset email) then your login flow can provide an opportunity to use the backup code to reset their account and remove the lost key.

GitHub Notification of comment by dsanders11
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1106#issuecomment-433646161 using your GitHub account
Received on Saturday, 27 October 2018 18:55:00 UTC
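
The backup-code flow described in the message above, as an added example that is not part of the original message or of any WebAuthn implementation. It assumes a hypothetical in-memory account record; the function names and the record layout are illustrative only.

```python
import hashlib
import hmac
import secrets

def new_account(credential_ids):
    # Hypothetical account record; a real relying party would use its database.
    return {"credentials": set(credential_ids), "backup_hashes": set()}

def _digest(code):
    # Codes are high-entropy random values, so an unsalted SHA-256 is sufficient;
    # normalise so that printed codes survive re-typing with different case/dashes.
    normalized = code.replace("-", "").strip().lower()
    return hashlib.sha256(normalized.encode()).hexdigest()

def issue_backup_codes(account, count=8):
    """Generate codes, keep only their hashes, return the plaintext once."""
    codes = []
    for _ in range(count):
        raw = secrets.token_hex(10)  # 80 bits from the OS CSPRNG
        codes.append("-".join(raw[i:i + 5] for i in range(0, 20, 5)))
    # Re-issuing replaces the old set, which invalidates any earlier printout.
    account["backup_hashes"] = {_digest(c) for c in codes}
    return codes

def redeem_backup_code(account, code, lost_credential_id):
    """Consume a code exactly once and remove the lost authenticator."""
    candidate = _digest(code)
    match = None
    for stored in account["backup_hashes"]:
        if hmac.compare_digest(stored, candidate):  # constant-time compare
            match = stored
    if match is None:
        return False
    account["backup_hashes"].discard(match)        # one-time use
    account["credentials"].discard(lost_credential_id)
    return True
```

A deployment would also rate-limit redemption attempts per account and notify the user when a code is used.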
