Re: [webauthn] Is there a community for webauthn implementation discussion?

> While I have some eyeballs, one question I plan to ask fellow prospective implementations is how to deal with key loss, i.e. with TOTP-based 2FA, backup codes exist, and many places encourage printing / storing securely these codes. What are people thinking on this topic?

What prevents your implementation from having backup codes? That seems outside the scope of WebAuthn. If you provide the user with a backup code (which is a one-time use code that leads to account reset, like the link in an account password reset email) then your login flow can provide an opportunity to use the backup code to reset their account and remove the lost key.

-- 
GitHub Notification of comment by dsanders11
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1106#issuecomment-433646161 using your GitHub account

Received on Saturday, 27 October 2018 18:55:00 UTC
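
Added example, not part of the original message and not the commenter's or the WebAuthn spec's code: a server-side sketch of the backup-code flow described in the reply, where a one-time code is redeemed and the lost key is removed from the account. The `Account` class, its method names, the 80-bit hex code format and SHA-256 storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_BYTES = 10  # assumed size: 80 bits of entropy per code


def _digest(code: str) -> bytes:
    # Codes are long random values, so a plain hash is enough at rest;
    # normalise case and whitespace because users retype them from paper.
    return hashlib.sha256(code.strip().lower().encode()).digest()


class Account:
    """Hypothetical in-memory account record; a real one lives in a database."""

    def __init__(self, credential_ids):
        self.credential_ids = set(credential_ids)  # registered WebAuthn credential IDs
        self.backup_hashes = set()                 # digests of unused backup codes

    def issue_backup_codes(self, count=8):
        """Invalidate old codes and return new plaintext codes, shown once."""
        codes = [secrets.token_hex(CODE_BYTES) for _ in range(count)]
        self.backup_hashes = {_digest(c) for c in codes}
        return codes

    def redeem_backup_code(self, code, lost_credential_id):
        """Consume one code and remove the lost key; False if the code is invalid."""
        candidate = _digest(code)
        match = None
        for stored in self.backup_hashes:
            # Constant-time compare, and scan every entry rather than stopping early.
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self.backup_hashes.discard(match)          # one-time use: burn the code first
        self.credential_ids.discard(lost_credential_id)
        return True
```

Attempt limiting and audit logging on the redemption endpoint are left out here; a backup code bypasses the authenticator, so that endpoint needs the same protections as the login itself.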