Re: [webauthn] Browsers adding extensions. (#1287)

Actually, I am thinking setting it to level 2 has a usability issue.

Suppose an RP is currently creating a resident credential and forgot/doesn't know about this extension and is using it in a username/password + touch mode. And the browser is setting it by default to level 2.

Then in the future, the RP wants to go to a usernameless and passwordless flow. It can go passwordless but not usernameless, as the credential created always requires an allowlist with level 2.

The user has to re-register the credential with level 3, which is a pain and unfortunate.

Setting it to level 1 allows that transition. 
Setting it to level 3 does not allow the credential to be used in second factor mode. 

Thoughts?

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1287#issuecomment-525830375 using your GitHub account

Received on Wednesday, 28 August 2019 16:52:54 UTC