Re: [webauthn] Privacy risk from revealing allowed credentials (#1246) from Emil Lundberg via GitHub on 2019-07-02 (public-webauthn@w3.org from July 2019)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 Jul 2019 11:35:34 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-507638104-1562067332-sysbot+gh@w3.org>

RPs don't need to block non-resident authenticators, they just need to not support authentication with a non-resident credential as the only authentication factor. Second-factor use cases prevent the information leak.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1246#issuecomment-507638104 using your GitHub account

Received on Tuesday, 2 July 2019 11:35:35 UTC